07-11-2017 09:11 AM
Hello Community :-)
I am looking for ideas to plan a migration of an ASA 5520 (9.1.X) to a PA-220
The ASA is using a global access list, which is not tied to a specific interface-tier, and the migration tool is converting the firewall rules with loads of warning and errors.
Also, the migration tools is flagging many objects and objects groups as unused, when in reality, they are being used. These objects were created using ASDM.
Any feedback/help on this would be much appreciated.
07-11-2017 09:14 AM
Hi, if the groups are called like DM_INLINE or CSM_INLINE the tool is replacing by the members of the groups to match the rules seen in ADSM, there is why they are not used at the end...
For further investigation you could share the config to fwmigrate at paloaltonetworks dot com if you want to see what else is going.