Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-21-2019 09:14 AM
We are moving from a Juniper SRX to PA 5250.We have 125 data center networks, 1200 addresses, 1000 rules, 5 zones, 250 services, and many NAT rules.
I would like to migrate in phases - either a small zone (we have 2 going into a trust zone in PA) or by groups of subnets.
I have imported the SRX config into Expedition but I don see how to migrate only a subset of the entire configuration. Amy I missing something? Is this possible?
Thanks,
Peter
06-21-2019 01:38 PM
design wise yes you can migrate in phases and there are different design options you can consider. Within Expedition you will need to migrate all but only enable the objects and policies you need for the segment(s) you want to cutover.
If you choose to migrate only certain network segments its recommend that those segments have their own ingress/egress interfaces unless you split vlan's across different trunks. Then you will need to deploy the palo alto in parallel with your current firewall.
Its possible to migrate in phases but the planning and design requires a longer conversation you should have with your partner or palo alto professional services team.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
