Merge Address Groups from Check Point to Palo Alto base config

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Merge Address Groups from Check Point to Palo Alto base config

L1 Bithead

In Expedition 1.2.5 and lower, when moving objects from Check Point R80.x to Panorama Base Config, Address Groups are being merged only by name, not by name and value. Services, Service Groups and Addresses report duplicate objects to fix before exporting configuration, but not address groups.

We are using a base config that has already several objects in production.

Objects should be merged into shared context.

If we convert check point objects to shared, before the merge, the objects are reported as duplicates after the merge.

This has impacted our migration.

Could you please help out?

 

4 REPLIES 4

L6 Presenter

@AntonioTrigo Address Group needs to contain same exact members than can be merged.  So the process will be merge the duplicated address object first , then move on to the address group.  Please do not convert any objects to share before you merge the config , you can drag all objects from checkpoint config on the left to "shared" on the right during the merge. After merged, review duplicated objects again. 

L1 Bithead

Hi, @lychiang. Like i posted, Address Groups are not showing any duplicate objects after the merge, because Expedition is merging all Address Groups with same name, even if the addresses inside the group are not the same.

So after the merge we have hundreds of services, service groups, tags, address duplicated, but no address groups.

Have you convert any objects to shared before you merge with base config ? that's the root cause of the issues.  

No, we do not convert for this to happen.

  • 2309 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!