How to merge multiples confing to one config

Hi Lychiang,

What is the process to load and merge the 3 configurations in one project ?

"If you already make three projects , you could export merged config and do load config partial command to load objects and policy one by one in the target firewall" ---- > In this case you are mentioned that is possible migrate each by each project and use the API to send the configuration separate to the PA firewall ?.

Hi @mss.support ,

1 you will zip all three asa config into a zip file 

2. upload your asazip file in the import -> cisco -> upload multiple files 

3. Upload your PAN-OS config under Import -> Palo Alto -> upload a single file. upload your base config here . it can be either firewal or panorma config depends where your policy going to be managed at. 

4.  You will need to fix all the red number showing in the dashboard for each of the cisco asa file , you can switch the context located at the right bottom corner to get to each of the ciscoasa config and make modification for each of the ciscoasa config 

5.  Since you are merging three ciscoasa firewall into one palo alto firewall, you will need to review which network interfaces you would like to migrate to the palo alto network, if there are not many interfaces, you can build the interfaces and zone on the firewall directly, please make sure the zone name needs to match the zone name in the policy.  If there are a lot of interfaces you would like to keep from ciscoasa config, you will need to fix the interface configurations under each cisocasa config, make sure you rename each of the interfaces to PAN-OS naming conventions and each of the configs do not have duplicated interface names, also you might only need one VR depends on your use case. When you ready to merge the source and base configs, you can go to "Export" -> " Mapping" -> if you need to merge the network interface, you will first start with ciscoasa1 config, check all checkbox under "network", drag and drop them to "network" section onto the right side base config (If you already built interfaces and zone on the firewall, you do not need to merge the network configuration ) for policy and objects, under vsys1, drag and drop them to the right side vsys 1, continue for ciscoasa2 and ciscoas3 

6. Once you finished drag and drop, you should see configuration from 3 ciscoasa moved to base config as below :

7. You can then click on "Merge" to merge the config 

8. Once the merge is done, you can then click "Generate XML and set output" to download the merged xml file. 

9 You could then load the config using "load config partial" or if you have direct access between expedition and firewall, you can then do an API calls from expedition to firewall to push the configuration over. 

Hi Lychiang

First thanks a lot for the info and process load and merge in one config.

About interfaces,

Yes, In this case the asa configs have the following interfaces.

I have one config with the following interface config.

interface GigabitEthernet0/0
interface GigabitEthernet0/1 with 8 subinterfaces
interface GigabitEthernet0/2

interface GigabitEthernet0/3 with 9 subinterfaces

interface GigabitEthernet1/1

interface GigabitEthernet1/2

interface GigabitEthernet1/3

other with 3 subinterfaces

and other with one Gigaethernet with 4 subinterface and one gigaethernet.