This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama managed config conversion from 5200 to 1400

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama managed config conversion from 5200 to 1400

Go to solution
RChoundry
L1 Bithead

‎09-27-2024 07:33 AM

Downgrading from 5200s to 1400s, 5200s are centrally managed by Panorama. Any guidance on efficient ways of doing this using expedition and avoid going to locally managed, refresh, and then going back to panorama managed?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
RChoundry
L1 Bithead
In response to ksalustro

‎10-29-2024 12:05 PM

Thanks, here's what worked. Same thought, different steps.

1. Connect the new fw's to Pano.

2. Clone your 5200 template & stack.

3. Edit the new template as needed to adjust interfaces

4. Create new device-group, copy config from existing DG to new DG using 'load config partial' commands

Load a Partial Firewall Configuration into Panorama

5. Edit DG (NAT policies) as needed to adjust for ethernet port re-mapping

6. Add new firewalls to new DG

7. Push the config 

8. After cutover, remove 5200s from associated device group and retire them. Delete the old 5200 device-group, stack & template.

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
lychiang
L6 Presenter

‎09-27-2024 09:45 AM

Hi @RChoundry For PAN-OS to PAN-OS migration do not need to use Expedition, please open a case with our TAC, they will be able to assist you. Thank you!

0 Likes Likes

Go to solution
RChoundry
L1 Bithead
In response to lychiang

‎09-27-2024 09:53 AM

Already tried that, TAC works on break-fix only. I was directed at sales team to look for PS engagement.

0 Likes Likes

Go to solution
ksalustro
L3 Networker
In response to RChoundry

‎09-27-2024 12:32 PM

Hi, this is not that hard at all, since you have Pano.

1. Connect the new fw's to Pano.

2. Clone your 5200 template & stack.

3. Edit the new template as needed to adjust interfaces

4. Add the 1400's to the 5200 device group and the 1400 stack.

5. Push the config 

6. After cutover, take the 5200's out of the device group and retire them. Delete the old 5200 stack & template.

Go to solution
RChoundry
L1 Bithead
In response to ksalustro

‎10-29-2024 12:05 PM

Thanks, here's what worked. Same thought, different steps.

1. Connect the new fw's to Pano.

2. Clone your 5200 template & stack.

3. Edit the new template as needed to adjust interfaces

4. Create new device-group, copy config from existing DG to new DG using 'load config partial' commands

Load a Partial Firewall Configuration into Panorama

5. Edit DG (NAT policies) as needed to adjust for ethernet port re-mapping

6. Add new firewalls to new DG

7. Push the config 

8. After cutover, remove 5200s from associated device group and retire them. Delete the old 5200 device-group, stack & template.

0 Likes Likes
  • 1 accepted solution
  • 600 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks