02-02-2024 01:48 PM
Running Expedition 1.2.84.
Finally getting what I need to retire my SG1000s.
I need to import from ScreenOS - Do I need to do a Juniper Screen2Junos first, or is there a ScreenOS plugin for Expedition?
I'd prefer to avoid a double-convert.
My plan is to define vsys/zone/interface directly on the Palo NGFW and then just migrate the objects and policies.
I've heard warnings about trying to get Expedition to migrate the NAT policies, so if that doesn't look like it is working I'll probably just do the NAT policies manually after the Address and Service objects and Security Policies have been migrated.
02-05-2024 03:33 AM
You should be good to select the parser Juniper->Netscreen to parse a ScreenOS configuration using Expedition.
Networking information could be defined directly on you device or you could use as well the set commands generated by Expedition.
Just in case it can help you let me add here some video tutorial on how to execute the migration workflow on Expedition. The video is using CISCO but the workflow is the same no matter the 3rd party vendor.
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
Hope this helps and let us know if you have any other questions,
Best,
David
02-08-2024 03:52 PM
ScreenOS migrations are supported. Just check for predefined services (SNMP in ScreenOS is udp/tcp 161/162), custom timeouts (minutes or 10s units), n search for services using port 65000 and addresses with 1.1.1.1 (invalid entries). Plus Global rules will need to be modified with specific zones n NATs need to be reviewed n MIPs need to be done in both directions.
02-05-2024 03:33 AM
You should be good to select the parser Juniper->Netscreen to parse a ScreenOS configuration using Expedition.
Networking information could be defined directly on you device or you could use as well the set commands generated by Expedition.
Just in case it can help you let me add here some video tutorial on how to execute the migration workflow on Expedition. The video is using CISCO but the workflow is the same no matter the 3rd party vendor.
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
Hope this helps and let us know if you have any other questions,
Best,
David
02-08-2024 03:52 PM
ScreenOS migrations are supported. Just check for predefined services (SNMP in ScreenOS is udp/tcp 161/162), custom timeouts (minutes or 10s units), n search for services using port 65000 and addresses with 1.1.1.1 (invalid entries). Plus Global rules will need to be modified with specific zones n NATs need to be reviewed n MIPs need to be done in both directions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
