cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Expedition issue: Security policies not merging automatically(While trying to migrate from ASA to PA

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Santosh.Ponnapalli
L1 Bithead
‎03-18-2020 02:48 AM
‎03-18-2020 02:48 AM

Expedition issue: Security policies not merging automatically(While trying to migrate from ASA to PA

Hello,

 

We are trying to migrate the CISCO ASA configuration to the Palo Alto using expedition and we have imported the ASA config to the expedition by clicking on "Group access-lists by remarks". 

 

We have around 38K access lists on Cisco ASA and the security policies on the Palo alto firewall is not merging as expected.  We did migrations before and the access-lists around 30K are shrinked to around 2800.

 

Currently expedition is running on 1.1.58.1. We are not able to identify the root cause and expecting assistance on this.

 

Thank you in advance.

 

Thanks,

Santosh

 

0 Likes
Reply
Highlighted
dgildelaig
L5 Sessionator
‎03-18-2020 03:44 AM
‎03-18-2020 03:44 AM

Re: Expedition issue: Security policies not merging automatically(While trying to migrate from ASA t

Do you get the expected results if you do not mark the option of Grouping ACL's?

0 Likes
Reply
Highlighted
Santosh.Ponnapalli
L1 Bithead
‎03-18-2020 03:46 AM
‎03-18-2020 03:46 AM

Re: Expedition issue: Security policies not merging automatically(While trying to migrate from ASA t

Thank you for the response  Dgildelaig

Regardless of marking and non-marking the Merge option, the acl count is the same.

0 Likes
Reply
Highlighted
dgildelaig
L5 Sessionator
‎03-18-2020 04:01 AM
‎03-18-2020 04:01 AM

Re: Expedition issue: Security policies not merging automatically(While trying to migrate from ASA t

Can you contact us to fwmigrate@paloaltonetworks.com and we can check why may be some ACLs missing?
If you have already identified any missing ACL in the migration, provide also some information about it, in case we spot what specific that ACL may have that we did not support yet.

0 Likes
Reply
Highlighted
Santosh.Ponnapalli
L1 Bithead
‎03-18-2020 04:05 AM
‎03-18-2020 04:05 AM

Re: Expedition issue: Security policies not merging automatically(While trying to migrate from ASA t

Hello,

 

The ACL's are not missing, however the issue is with ACL merging. We have around 30000 security policies. 

 

For suppose, if we have 10 rules with source, same destination port and with 10 destinations, Ideally the expedition should merge this to single rule, but this is not happening now.

 

Can you please help us on this matter. 

0 Likes
Reply
Highlighted
dgildelaig
L5 Sessionator
‎03-18-2020 05:06 AM
‎03-18-2020 05:06 AM

Re: Expedition issue: Security policies not merging automatically(While trying to migrate from ASA t

Absolutely,

Please contact with me at fwmigrate@paloaltonetworks.com to schedule a session

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks