For details on cookie usage on our site, read our Privacy Policy
Migrating from ASA 8.2 makes double objects and rules
- LIVEcommunity
- Tools
- Expedition
- Expedition Discussions
- Migrating from ASA 8.2 makes double objects and rules
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Migrating from ASA 8.2 makes double objects and rules
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
06-27-2018 10:53 PM
I'm migrating configuration from ASA version 8.2 and I noticed that quite a lot of objects are doubled and also some rules are doubled.
If I look at doubled objects 1 of them has 'default' under 'src File' coloumn and the other has config file name in that coloumn (filename matching the one i imported). I only imported this named config file. Where does 'default' come from?
And both objcts of this doubled pir are used so I'm assuming rules have been doubled for the same reason.
Anyone had similar issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
06-28-2018 01:17 AM
can it be the netmasks are different? You can merge by name and value....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
06-28-2018 01:22 AM
Nope, everything is the same, just src File field differs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
06-28-2018 01:23 AM
Loading config later discards it anyway:
address -> mOltar-32 'mOltar-32' is already in use
address -> mOltar-32 mOltar-32 is invalid. Discarding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
06-28-2018 04:32 AM
Now I noticed it also didn't change destination zone to post DNAT zone in FW rules. Maybe cause the object isn't correct; it seems it created 2 same objects out of 1 object with no mask and also left the orginal one
And FW rules (connected with above post DNAT problem) allowing known services on TCP ports (www, smtp) have ipsec-esp as application:
Corresponding NAT rule:
- Fortinet Migration - Internet Services Database objects conversion to Palo Alto in Expedition Discussions
- Migrate User-ID based rules from CheckPoint in Expedition Discussions
- Configuration merge not working in Expedition Discussions
- Expedition 1.2.30 Hotfix Information in Expedition Release Notes
- Expedition 1.2.29 Hotfix Information in Expedition Release Notes
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
