- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-27-2024 07:33 AM
Downgrading from 5200s to 1400s, 5200s are centrally managed by Panorama. Any guidance on efficient ways of doing this using expedition and avoid going to locally managed, refresh, and then going back to panorama managed?
10-29-2024 12:05 PM
Thanks, here's what worked. Same thought, different steps.
1. Connect the new fw's to Pano.
2. Clone your 5200 template & stack.
3. Edit the new template as needed to adjust interfaces
4. Create new device-group, copy config from existing DG to new DG using 'load config partial' commands
Load a Partial Firewall Configuration into Panorama
5. Edit DG (NAT policies) as needed to adjust for ethernet port re-mapping
6. Add new firewalls to new DG
7. Push the config
8. After cutover, remove 5200s from associated device group and retire them. Delete the old 5200 device-group, stack & template.
09-27-2024 09:45 AM
Hi @RChoundry For PAN-OS to PAN-OS migration do not need to use Expedition, please open a case with our TAC, they will be able to assist you. Thank you!
09-27-2024 09:53 AM
Already tried that, TAC works on break-fix only. I was directed at sales team to look for PS engagement.
09-27-2024 12:32 PM
Hi, this is not that hard at all, since you have Pano.
1. Connect the new fw's to Pano.
2. Clone your 5200 template & stack.
3. Edit the new template as needed to adjust interfaces
4. Add the 1400's to the 5200 device group and the 1400 stack.
5. Push the config
6. After cutover, take the 5200's out of the device group and retire them. Delete the old 5200 stack & template.
10-29-2024 12:05 PM
Thanks, here's what worked. Same thought, different steps.
1. Connect the new fw's to Pano.
2. Clone your 5200 template & stack.
3. Edit the new template as needed to adjust interfaces
4. Create new device-group, copy config from existing DG to new DG using 'load config partial' commands
Load a Partial Firewall Configuration into Panorama
5. Edit DG (NAT policies) as needed to adjust for ethernet port re-mapping
6. Add new firewalls to new DG
7. Push the config
8. After cutover, remove 5200s from associated device group and retire them. Delete the old 5200 device-group, stack & template.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!