Reloading a PAN configuration

L1 Bithead


Hi.  In my first few projects using the Migration Tool 3.0, I'm using it to optimize existing Palo Alto Networks firewall configurations that are more port based and any/any rules than app-ID based rules.  Sometimes these projects are like working on a moving target.  The configuration on the live firewall is changing as we work to transform it into a true NGFW configuration.  This means that from one day to the next, the running configuration has changed.

Is it possible to reload a configuration into an existing project in the Migration Tool?

I'm using Migration Tool while being connected to the firewall, and I have tried several different approaches to reload config into Migration Tool without success.  I realize that the potential to mess up bad is great, but we were hoping to do a step-by-step transformation of the old config into a new app-ID based config, working through one section at a time.  In the meantime, previously untouched sections have changed, thus the need to reload.

Another question:  Sometimes, there are bits and pieces of the configuration from the PAN firewall that are missing in the Migration Tool.  Right now, I have a multi VSYS config imported, but can't find any of the server profiles in the Migration Tool.  In another instance, we found all networking objects, but no zones... Any clue?

Thanks for any insights

L3 Networker

Re: Reloading a PAN configuration

Config reload would indeed be a very useful feature that I need as well. Currently the only way to get this done (as far as I've found out) is removing the entire project and the device from the migration tool, and starting from scratch again.

L7 Applicator

Re: Reloading a PAN configuration

Update on this:

To get the latest version from your device, go to devices, edit your device, type the user and password again and click on save. This will start the process to download the running configuration from the device and then store it into the tool.

If you remove the device's configuration from your project (first unset the config as a base config, and afterwards select the config from the left panel and remove it), you can now import the updated config from the device.

