Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
on 07-08-2020 08:50 AM - edited on 02-01-2024 04:19 AM by dpuigdomenec
Expedition supports migration sections of the below Vendor's configuration to PAN-OS configuration
**The list of tested Vendor OS version, version not listed here needs further validations
*** The UserID CN chain is extracted from the original configuration and integrated into the migrated security rule. However, the device configuration must be manually performed on the device itself.
Table1: Expedition supports converting 3rd Party vendors config sections (Updated on 2024/01/01)
Note: Table will be updated when new support added
|
Vendor |
Supported Vendor OS** |
Global Address Object |
Address Objects |
Address Group Objects |
Service Objects |
Service Group Objects |
User ID |
Security Policy |
NAT Policy |
Network Interface (L3 only) |
Routing(Static Routes Only) |
VPN |
|
Checkpoint |
R75,R77 |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ *** |
✔ |
✔ |
✔ |
✔ |
|
|
> R80 |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ *** |
✔ |
✔ |
✔ |
✔ |
||
|
Cisco |
ASA 9.0, 9.1,9.6,8.2,8.4, |
✔ |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
✔ |
|
FirePower [only in ASA syntax] |
✔ |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
||
|
Fortinet |
Fortigate 4.0, 5.0,6.0 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
|
|
IBM XGS |
5.1 |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
||
|
Juniper |
All Netscreen Firewalls (ScreenOS) |
✔ |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
|
|
Junos 11.4, 12.1, 12.3 |
✔ |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
|
|
|
Forcepoint |
Sidewinder |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
|||
|
Stonesoft |
✔ |
✔ |
✔ |
✔ |
|
✔ |
✔ |
✔ |
✔ |
Hi,
In my memories, there are some migration guide for these 3rd party devices, but I can't find it now.
Is there anyone have the link?
What I had downloaded before is "Forcepoint Sidewinder Migration Guide.pdf"
Thanks.
For Stormshield you can export the rules and objects in CSV and then use Expedtion to import these CSVs and build your configuration.
Hi @ghughes
Sorry but we do not have plans to add more supported 3rd party vendors to our list of parsers.
In case you need to execute a migration from a non-supported vendor (or even supported one at a big scale) I will encourage you to contact to your sales account contact for PS Migration Factory engagement.
Hope this helps,
Best,
David
Hi @iccnetmgr
Expedition tool is intended to help on migrations from 3rd party vendors and also to optimise the security posture on a PANOS device.
The migration you are describing could be done using PANOS features as export and import from old to new devices (you may need to update networking information and VPN configuration).
Once you have your configuration pushed to your new device you can download it to Expedition and do some optimisation like removing duplicates and merging similar policies among other features Expedition can help.
For assistance on the PANOS upgrade I will suggest you contact the TAC team so they can provide you more information and guides.
Hope this helps,
David
