- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-13-2023 05:14 AM
We are in the process of migration form checkpoint 156000 to palo alto 5420. The Checkpoint version we're migration form is >R80.
here's an overview of the migration process so far;
We successfully removed invalid and duplicate objects in Addresses, Services, Address Group, And service Groups.
We 've re-mapped the interface to align with palo alto's naming conventions.
We 've correctly assigned zones for the interfaces.
However, we are currently facing a few challenges.
The configuration we've received indicates two vsys (virtual system) and we're encountering issues with zones in the security rules for these vsys (specifically the management server-ACH network)
Any one can help me out for this issue.
10-13-2023 05:54 AM
1. import the palo to devices on expedition - see screenshot "import devices to devices"
2. in your palo - save a named configuration
3. in your palo - export the named configuration
4. in expedition - your project - select import
5. under import screen - import the XML file created from the exported named configuration the palo
6. the screen will show a loading page
7. swing over to the export tab - and you should see - screenshot below - CP config to PA Config screen
8. simply drag and drop items that are required over to vys1 - like VRs and Interfaces, objects ect ect
9. select merge
10. select generate xml and set input - see generate and download xml file screenshot
11. download the XML
12. import that configuration into your palo and boom you have configs from your CP into your Palo.
recommendations - security polices will be a %$&^$# MESS - unless your want to step on your foot many times because you like pain - i'd recommend starting fresh with security polices - this can help with ZTN 2.0 / APP ID and proper ZONE
you can do all of that with in EXPO - but sometimes it's a pain in the butt.
lemme know if you have any additional questions.
10-17-2023 12:37 PM
Hi @KishanYadav , please use the latest Expedition version (1.2.76) that is fixing the issue you are describing.
Best regards,
David
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!