I am preparing to migrate configuration from cisco FWSM to Palo Alto 5250 which is managed by Panorama. The converted configuration gets exported to Panorama but while attempting to commit to the firewall, i get the following error. I have done "re-mapping" of Vlan interfaces in Cisco FWSM to Palo Alto aggregate interface sub-interfaces. Please help.
I am using expedition tool. My Panorama version is 8.1.2
. Validation Error:
. vsys -> vsys2 -> import -> network -> interface 'ae1.251' is not a valid reference
. vsys -> vsys2 -> import -> network -> interface is invalid
. Can't get interface ae1.516 id(Module: routed)
. Error: unknown interface ae1.516
. Error: virtual router configuration error
. (Module: device)
. Commit failed
Part of the human intervention that it is required during the migration is remapping the interfaces to valid interface names in a PANOS device.
As we can't know how the wiring will me made after the intervention, this process is not done automatically and one task is to map the Cisco interfaces to PANOS interfaces (doing the rename).
Are you using AE or Sub-interfaces for connectivity to the Cisco LAN side? Are you connecting to a VLAN with L3-SVI trunk LACP? Or just one interface with sub-interfaces? If just one interface with sub-interfaces, then you don't need AE's. Once you map your interfaces correctly in Expedition / MT, you push them. I have in the past had to create the interfaces on the FW in advance and then it worked.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!