- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-09-2019 07:00 AM
Hi,
I'm trying to migrate Checkpoint FW to Panorama Device Group.
I have imported and edited Checkpoint config, imported Panorama config (about 5.5 MB), merged Checkpoint policies to empty device group and objects to shared objects (and merged them to use existing Panorama objects instead of Checkpoint objects). Up to this point everything works correctly, but when I generate XML output and want to download it, the output XML file has only about 3.1 MB and when I import it to Panorama, there is huge amount of errors and differences between newly uploaded config and running config.
Do you have any idea, how could this be done?
Thank you,
Jan
04-11-2019 04:19 AM
It could be so many things....
Could you provide some descriptions on the errors that you see when pushing the config?
04-12-2019 11:46 AM
I have found the reason of difference in size of XML. When I don't download just XML, there is different sturcture etc. - when I download whole zip archive, there is xml called "pretty" 😄 that is of correct size.
Even though there is so many differences in former and new config. It cannot be shown in config audit and I have to do diff somewhere else.
I have found it too risky to use newly generated config and push it to Panorama (Panorama is used for production environment with about 50 firewalls). The only "secure enough" way is to use generated cli config commands and paste just the ones related to newly added firewall.
04-12-2019 12:11 PM
The size of the generated output has been discused before in other threads.
We do offer the pretty version of the XML for those people that would feel suspicious about the content in the condensed version, which skips tabs and irrelevant XML spaces.
10-19-2022 04:58 AM
Hi @Jan_Linhart ,
Can you please help me with the CLI command to upload the specific configurations from expedition generated xml file to panorama device group.
I generated the xml file , need to move only specific configurations to panorama via CLI.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!