It appears that SonicWall configs are not supported in the Expedition Migration Tool. Are there any plans to add support for this firewall vendor?
My Palo Alto guy was super helpful in this reguard but I still need help.
"This is what I got back from the SE org. "We handle it [SonicWall Migration] through CSV import function:"
1) Retrieve exported config from sonicwall (it’s base64 encoded, so it needs to be parsed)
2) Download SonicReader (free), it spits out the config in an HTML file
3) Copy the HTML tables and paste into exel. Format the data appropriately. There are some nuances, for example Sonicwall service objects might be “TCP” but migration tool looks for “tcp” in lower case. This is just trial and error.
4) Save file as a CSV and change to a semi-colon delimited file
5) import CSV into MT.
- I recommend doing it in small stages. Eg. Import address objects first and actually push it to the candidate config of a firewall. If there are formatting issues, better to learn now than when pushing a full config consisting of address objects, groups, service objects, policies, etc and you get over 1000 errors. Once you complete the address objects, move to address groups, push to the candidate config of a firewall, etc."
I was able to get through most of those steps successfully and was able to upload them into the import section of the tool. Unfortunately there are 12 different sections in the HTML I generated and only 9 differently named sections to upload CSV files.
These are the sections from HTML These are the options in the MT
02PNT-AddressObjects.csv This likely correlates to the “Address” dropdown in Expedition import
03PNT-AddressGroups.csv “address groups” is an exact match
05PNT-ServiceGroups.csv “Service Groups”
…but the Regions, Security Rules, and Static Routes from the Expedition import window don’t seem to correlate to the HTML sections.
Everything was presented very nicely as a table in the HTML file but the Zones did not show up in a table so I'm not sure how to configure them.
This process, mostly SonicReader, didn't seem to work correctly for me.
Something I am trying instead is this:
If this is successful I'll update with more notes.
If you can capture (to a text file) the sonicwall config from the output of the command:
admin@sonicwall> show current-config
I can test the migration against some internal tools being developed.
send an email to fwmigrate (at) paloaltonetworks.com
I could not find and download the old tool. It was removed from production I think. The new Expedition tool looked not quite ready for production at the time of my migration. We eneded up hiring a very talented consultant named Shawn who helped us through the proces.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!