02-27-2023 12:44 PM
We migrated an ASA to a PA and have it managed via Panorama. We made all the "objects" local to the firewall (vs. Shared). What I'm trying to do now is compare the Shared objects in Panorama to the objects on the PAN with the local objects so we don't end up w/dup Shared objects. When I create a new project I'm not seeing the firewall as an option to import, nor can I take the xml file from the firewall (I can but there's nothing there, it's a 5k file). Prior to Panorama management the file was 245k. What am I'm missing? Is my methodology sound? TIA
02-27-2023 01:11 PM
Hi @M.Anderson Please follow below doc to perform migration from firewall to panorama, then you can use expedition to import panorama config to clean up the duplicate objects.
02-27-2023 01:16 PM
02-27-2023 01:28 PM - edited 02-27-2023 03:04 PM
First of all, when you create an device in panorama , have you retrieved the running config from content tab, also , when you create a project, you will need to assign the panorama to the device , then when you go inside the project, go to import , you should see the panorama in the import tab , you can then double click to import the config. If all the objects are already in panorama config, then when you finished import the panorama config, it should take you to the dashboard , there it will shows you the duplicate objects.
02-28-2023 03:03 AM
Thank you @lychiang
Responses in BOLD
First of all, when you create a device in panorama , have you retrieved the running config from content tab - Yes I had done this
when you create a project, you will need to assign the panorama to the device - This is what I was missing to get the devices in the Project. I went to Project > Settings > Devices and added the FW device. Again, what I'm trying to achieve is to compare ONLY the duplicate objects between a single FW and Panorama, not all duplicate objects. I did see it work for services [see attached] but, addresses shows all DG's.
02-28-2023 09:21 AM
It works on Address objects , the same way , once you click on the number on the duplicate address object column on dashboard, it will take you to the address object view and those address object there are duplicate either in the same DG or among different DG , shared . There is a vsys column , it tells you where the objects located.
03-08-2023 08:15 AM
I think I could achieve what I'm looking for if Expedition allowed you to filter on the vsys...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
