Expedition SonicWall Support?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Expedition SonicWall Support?

L3 Networker



It appears that SonicWall configs are not supported in the Expedition Migration Tool. Are there any plans to add support for this firewall vendor?




L7 Applicator



Its in our radar but we dont have any release date yet, I will post it here when we are close



My Palo Alto guy was super helpful in this reguard but I still need help.  


"This is what I got back from the SE org. "We handle it [SonicWall Migration] through CSV import function:"


1) Retrieve exported config from sonicwall (it’s base64 encoded, so it needs to be parsed) 

2) Download SonicReader (free), it spits out the config in an HTML file

3) Copy the HTML tables and paste into exel. Format the data appropriately. There are some nuances, for example Sonicwall service objects might be “TCP” but migration tool looks for “tcp” in lower case. This is just trial and error.

4) Save file as a CSV and change to a semi-colon delimited file

5) import CSV into MT.


- I recommend doing it in small stages. Eg. Import address objects first and actually push it to the candidate config of a firewall. If there are formatting issues, better to learn now than when pushing a full config consisting of address objects, groups, service objects, policies, etc and you get over 1000 errors. Once you complete the address objects, move to address groups, push to the candidate config of a firewall, etc."


I was able to get through most of those steps successfully and was able to upload them into the import section of the tool.  Unfortunately there are 12 different sections in the HTML I generated and only 9 differently named sections to upload CSV files.  


These are the sections from HTML              These are the options in the MT

01PNT-Interfaces.csv                                     “interfaces”

02PNT-AddressObjects.csv                          This likely correlates to the “Address” dropdown in Expedition import

03PNT-AddressGroups.csv                           “address groups” is an exact match

04PNT-ServiceObjects.csv                            “Services”

05PNT-ServiceGroups.csv                            “Service Groups”









…but the Regions, Security Rules, and Static Routes from the Expedition import window don’t seem to correlate to the HTML sections.


Everything was presented very nicely as a table in the HTML file but the Zones did not show up in a table so I'm not sure how to configure them.  

This process, mostly SonicReader, didn't seem to work correctly for me.


Something I am trying instead is this:

  1. Download and Install FortiNet's FortiConverter (Original price at CDW was $3,068.99 for 1yr, on sale for $926.01)
  2. Convert SonicWall config to FortiNet
  3. Use Expedition to import and convert FortiNet config to Palo Alto Networks.

If this is successful I'll update with more notes.



@bspilde Did the FortiConverter route work?

@KenLynch What migration tool did you use for this? The old one or Expedition? Also did you come across a SonicReader version later than 0.7? Thanks in advance!




If you can capture (to a text file) the sonicwall config from the output of the command:


admin@sonicwall> show current-config


I can test the migration against some internal tools being developed. 


send an email to fwmigrate (at) paloaltonetworks.com



I could not find and download the old tool. It was removed from production I think.  The new Expedition tool looked not quite ready for production at the time of my migration.  We eneded up hiring a very talented consultant named Shawn who helped us through the proces. 


I think it would have but purchasing FortiConverter was not approved. I ended up going line for line manually with the Fortinet admin from the acquired company. Turned out much of the config wasn’t required anyway so it was a good audit as well.

How did those internal tools handle the sonicwall configuration?

The internal tools did help parse the Sonicwall configuration, however since there is a significant technology/style difference between PAN and Sonciwall, you'll need to do a considerable amount of validation to ensure everything migrated and also a comprehensive SIT / UAT plan. Going from SonicWall's VPN clients to GlobalProtect can also be tricky since they are configured differently on their respective platforms.

Thanks Delvin, Seems like my experiences have been similar to yours.

L2 Linker

We are going through a massive SonicWall to PAN migration with a client currently and I have been trying to find anything to help. I am going to give this a shot and see how it works. Will update if i find anythign out. 

I've done several the old fashioned way, exporting everything to ms excel worksheets and then converting to txt and modifing to cli scripts etc... I was going to test a old migration using the forti converter and then import into expedition. I just need to make sure that the forti converter preserves all of the static routes and objects correctly. The most important part of these sonicwall migrations is to "validate" everything which can be time consuming. Clients who did't want to perform that detailed comparrision failed (had major issues and had to roll back) their migrations.

So here is the latest scoop. My RE onsite was able to have one of the scripting ninjas somewhere in the deep dark reaches of Palo Corporate and was able to generate csv files containing different information groupings like address, services, interfaces... etc etc etc. I was able to import these into Expedition just fine. That is as far as i have gotten so far. Hopefully that update to Expedition to add this functionality isn't far off!

  • 25 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!