Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-16-2020 01:11 PM
Trying to migrate an ASA which uses BGP and OSPF. Since the dynamic routing tables are not part of the ASA configuration, destination auto zoning does not work as expected. I thought of adding those dynamic routes as static routs to the ASA config (but there are too many) for the destination auto zoning to work. Is there any other work flow available for ASA with large dynamic routing tables?
11-16-2020 01:22 PM - edited 11-16-2020 01:22 PM
@Kushantha , Expedition does not currently support dynamic routing migration, so I would suggest you filter the security policies based on source or destination with a filter based on subnet, For example, if your subnet is 10.0.0.0/24 and you can filter policy basd on the subnet like below screenshot:
then highlight the security rules you want to apply zone and right-click on "Bulk Changes" -> Zones, to apply zone on source or destinations.
11-16-2020 02:09 PM
Thanks a lot. This is what I have been doing (update the zone based on subnet/IP).
I hope future iteration of Expedition will support us to import Cisco ASA routing tables separately, as it supports Check Point migration today.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
