I'm trying to migrate Checkpoint FW to Panorama Device Group.
I have imported and edited Checkpoint config, imported Panorama config (about 5.5 MB), merged Checkpoint policies to empty device group and objects to shared objects (and merged them to use existing Panorama objects instead of Checkpoint objects). Up to this point everything works correctly, but when I generate XML output and want to download it, the output XML file has only about 3.1 MB and when I import it to Panorama, there is huge amount of errors and differences between newly uploaded config and running config.
Do you have any idea, how could this be done?
I have found the reason of difference in size of XML. When I don't download just XML, there is different sturcture etc. - when I download whole zip archive, there is xml called "pretty" 😄 that is of correct size.
Even though there is so many differences in former and new config. It cannot be shown in config audit and I have to do diff somewhere else.
I have found it too risky to use newly generated config and push it to Panorama (Panorama is used for production environment with about 50 firewalls). The only "secure enough" way is to use generated cli config commands and paste just the ones related to newly added firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!