Can Expedition migration Cisco Fire Power to Palo Alto?

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
junior_r
L3 Networker

Can Expedition migration Cisco Fire Power to Palo Alto?

Hi,

 

Can Expedition migration Cisco Fire Power to Palo Alto?

 

Thanks

dgildelaig
L5 Sessionator

To some extend they are supported.

Give it a try and let us know if you find something that should be addressed.

tkosec
L0 Member

I'm sort of reving an old thread, but here it goes anyway:
can Expedition migrate a FTD configuration to PA?

I've exported the FTD config from the LINA mode by entering the command:

system support diagnostic-cli and then I exported the configuration with the command:

show running-config.

This prints out a config file that has very similar syntax to ASA but not totally the same. And after I've imported this config file to Expedition I can see some stats but no policies.

azuniga
L4 Transporter

Hello @tkosec 

 

Expedition will not be able to perform a migration of firepower, but if you can export the configuration from the ASA you can migrate from there. Because firepower runs layer 7 in a separate unit we are unable to do that migration. So expedition will only do the migration for layers 3-4 and you will need to do the layer 7 migration within the PAN.

tkosec
L0 Member

Hi, Azuniga,

 

thanks for your reply.

It would be totally OK if I could just migrate the L3-4 configuration, and the commands that I've used do export the FTD's configuration in a type that's the most similar to the old vanilla ASA. But, since it is an FTD configuration, it is a bit different and that's probably why I can't get it to go.

It would be great if more comprehensive support for FTD migration (even if just on the L3-4 level) would be added to Expedition sometime in the future.

playboyvpbnj
L0 Member


@tkosec wrote:

Hi, Azuniga,

 

thanks for your reply.

It would be totally OK if I could just migrate the L3-4 configuration, and the commands that I've used do export the FTD's configuration in a type that's the most similar to the old vanilla ASA. But, since it is an FTD configuration, it is a bit different and that's probably why I can't get it to go.

It would be great if more comprehensive support for FTD migration (even if just on the L3-4 level) would be added to Expedition sometime in the future.


Expedition will not be able to perform a migration of firepower, but if you can export the configuration from the ASA you can migrate from there. Because firepower runs layer 7 in a separate unit we are unable to do that migration.

HonoAl
L1 Bithead

Hi there,

 

Has there been any progress regarding this? Is it now possible to do a Firepower migration, including L7, using the Expedition tool?

 

Ta.

 

Ho

azuniga
L4 Transporter

Hello @HonoAl 

 

No at this time expedition does not support layer 7 policies from Cisco Firepower.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!