This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PANOS 8.1 to PANOS 10.2 migration using expedition

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PANOS 8.1 to PANOS 10.2 migration using expedition

matthias.fremont
L0 Member

‎07-04-2023 02:33 AM

Hello

 

I have an old PA5050, running PANOS 8.1.24.

I need to replace it with a new PA3410 running PANOS10.2

 

I trying to find the best way to migrate my configuration from my PA5050 to my new PA3410.

 

Can expedition can help me to do that ?

Any other idea ?

 

Thanks

0 Likes Likes
3 REPLIES 3

dpuigdomenec
L4 Transporter

‎07-04-2023 05:15 AM

Hi @matthias.fremont 

 

Thanks for reaching out.

 

Expedition is intended to be used when migrating from a 3rd party vendor to Palo Alto Networks.

 

Given your use case the simplest path is to export your running configuration from your old device and import into your new one.

By executing this action the new device will migrate automatically the running configuration. Maybe is required you reenter shared keys for your VPN configuration using the GUI due to PANOS latest versions are not expecting the keys in plain text. 

 

Another option, if possible, is to upgrade the old device to PANOS 10.2 and then export the upgraded configuration, in the below link you have information on how to do that: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan...

 

Hope this helps,

 

Best regards,

 

David 

 

 

0 Likes Likes

SteveKrall
L2 Linker

‎07-10-2023 08:00 PM

This is what I would try first.  Disable HA on one firewall and save the candidate config as a named xml file.  Do not commit the change. Revert to running after you have the config file. Export the file and open in a text editor like Notepad++.  You will see in the first 5 lines of code a reference to your 8.1.x  version of code.  Change this to 10.2.0 and save the file.  Then import the file to the new hardware, load named config and commit. Then configure HA manually.  Palo changed the naming convention for HA ports so your PA-5000 will reference interfaces that do not exist on a PA-3400 and commit will fail.   One other option is the cli command "load config partial".  But editing the version number in the xml is the easiest and fastest method.

(2)

campocaceres
L1 Bithead

‎12-14-2023 10:53 AM

Hi @matthias.fremont,

Were you successful in getting this going?  Did you follow @SteveKrall's recommendations?   I'm getting ready to do a very similar migration, and curious how your experience went and if you have any other caveats.

0 Likes Likes
  • 1483 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks