L0 Member
Posts: 3
Registered: ‎03-09-2017

Migration tool - ASA with global access list

Hello Community :-)


I am looking for ideas to plan a migration of an ASA 5520 (9.1.X) to a PA-220.


The ASA is using a global access list, which is not tied to a specific interface-tier, and the migration tool is converting the firewall rules with loads of warnings and errors.


Also, the migration tool is flagging many objects and object groups as unused, when in reality, they are being used. These objects were created using ASDM.


Any feedback/help on this would be much appreciated.





L7 Applicator
Posts: 647
Registered: ‎03-22-2011

Re: Migration tool - ASA with global access list

Hi, if the groups have names like DM_INLINE or CSM_INLINE, the tool replaces them with the members of the groups to match the rules seen in ASDM; that is why they are not used at the end...


For further investigation you could share the config to fwmigrate at paloaltonetworks dot com if you want to see what else is going on.
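
As an added example (not part of the original thread and not the migration tool's own logic), the following script separates the two cases discussed above before a migration review: object groups with the DM_INLINE/CSM_INLINE prefixes that a rule references, and groups that no rule or group references at all. The sample configuration, the `classify_groups` helper and the status labels are constructed for illustration.

```python
import re

# Constructed sample ASA 9.x configuration (not from the original thread).
SAMPLE_CONFIG = """\
object-group network DM_INLINE_NETWORK_1
 network-object host 10.1.1.10
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group network WEB_SERVERS
 network-object host 192.0.2.10
object-group network DMZ_ALL
 group-object WEB_SERVERS
object-group network OLD_LAB
 network-object 10.99.0.0 255.255.0.0
access-list global_access extended permit tcp object-group DM_INLINE_NETWORK_1 object-group DMZ_ALL object-group DM_INLINE_TCP_1
access-group global_access global
"""

INLINE_NAME = re.compile(r"^(DM|CSM)_INLINE")  # prefixes named in the reply


def classify_groups(config_text):
    """Map each object-group name to 'inline', 'referenced' or 'unreferenced'."""
    defined, used = [], set()
    for line in config_text.splitlines():
        tokens = line.split()
        if line.startswith("object-group ") and len(tokens) >= 3:
            defined.append(tokens[2])          # definition, not a use
            continue
        # Uses: "object-group NAME" in an ACL line, "group-object NAME" when nested.
        for keyword, name in zip(tokens, tokens[1:]):
            if keyword in ("object-group", "group-object"):
                used.add(name)
    result = {}
    for name in defined:
        if name not in used:
            result[name] = "unreferenced"      # genuinely unused in this config
        elif INLINE_NAME.match(name):
            result[name] = "inline"            # in use; the reply says these get expanded
        else:
            result[name] = "referenced"
    return result


if __name__ == "__main__":
    for name, status in classify_groups(SAMPLE_CONFIG).items():
        print(f"{name:24} {status}")
```

Groups reported as `inline` are in use on the ASA even if they show up as unused after conversion; groups reported as `unreferenced` are the ones worth reviewing for cleanup before migrating.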