- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Expedition version 4 - SRX to Palo Alto migration issue
- LIVEcommunity
- Collaboration
- Tools
- Expedition
- Expedition Discussions
- Expedition version 4 - SRX to Palo Alto migration issue
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Expedition version 4 - SRX to Palo Alto migration issue
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-18-2019 09:25 PM
I am using Expedition Version4.
SRX JunOs configs to PanOs migration, only few interfaces, zones and one VR(logging-vr) are getting migrated. Tool doesn't detect any security groups, address books, security policies...etc. We have hundreds of security groups in one box, which are configured for different customers. All the security groups need to be migrated one by one.
Toatally I am unable to migrate the whole SRX configuration to Palo alto, except few base configs of the box.
Any help would be greatly appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-21-2019 12:42 AM
Hi,
Please, send us a private message to fwmigrate at paloaltonetworks dot com and we will check more in detail this case. We may need to get access to the configuration to verify where the issue in the SRX parser may be, if the problem is that the parser is not supporting your type of config.
We will update this thread afterwards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-27-2019 10:29 PM
Hi dgildelaig,
I have shared the sample srx configuration file with fwmigrate at paloaltonetworks dot com. Please check and let me know if any issues with that configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-28-2019 07:27 AM
Make sure that you do not modify the XML structure, as we have created the parsers to work with specific schemas for each vendor.
If you provide the XML subcontent (removing some of the parent XML elements) it won't comply with the SRX schema, and the parser won't be able to load the content correctly.
Does it make sense?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-28-2019 09:29 PM
Hi dgildelaig,
We have multiple configuration groups under a single Juniper SRX box (like vsys in Netscreen) which are configured for different customers. The configuration which I have shared is the sample configuration of customer1 and the configuration group name is Customer-1. The command I have used to get that configuration is 'show configuration groups Customer-1 | display xml | no-more' . When we try to import the output of 'show configuration groups Customer-1 | display xml | no-more' in to the expedition tool import is not happening and we are getting 'Invalid XML' error message (XML is invalid. Tip:Remove attributes from configuration tag ).
Even if I try to migate the entire SRX box configuration (show configuration | display xml | no-more), some basic componets are only getting migrated.
Hope it make sense
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-29-2019 01:21 AM
I checked in our email, and I could not find a config attached to any email related to SRX.
Could you please send it again and refer to this Forum Thread in the email? Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-29-2019 11:00 AM
- Expedition 1.2.20 Hotfix Information in Expedition Release Notes
- Expedition tool for ASA migration in Expedition Discussions
- Expedition 1.2.19 Hotfix Information in Expedition Release Notes
- Expedition 1.2.18.1 Hotfix Information in Expedition Release Notes
- Expedition 1.2.17 Hotfix Information in Expedition Release Notes
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
