I have a task to migrate a policy from 2 ASA firewalls into 1. Haven't seen policies yet but i think it's like 2 seperate entities. Anyone had similar project? How did you aproach it? My only idea so far is use Expedition for the more complex config and manually migrate the other.
Is there maybe a way to use Expedition for both?
This is possible with Expedition, but you'll have to do some pre-planning to design how you want to collapse the configs. Most importantly, do youy plan to maintain the logical separation by using separate VR's or even possibly VSYS for each rulebase? I would suggest using separate VR's for each. The next design question will be the zone assignments for each config and assign those zones to the right rulebase.
Here's a process you can follow:
-migrate the first config
-setup the networking including the interfacee, VR and security zones
-cleanup, verify and complete the migration for the first ASA config
-create the XML
-use the created XML as your new base config
-follow the migration process for the second asa config and merge it into your new base config (from above)
If you are going to try to be consolidating the two configs to one single rule-base the tool will be extremely helpful as you can filter rules then multi-edit them (to change source or desintation zones as needed), you can then tag any rules that will need follow up once you get the config onto PAN-OS
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!