Well, I tried that and I don't think it's working correctly.
I guess I need step-by-step assistance on what to do from that pre-merge screenshot. While I did have a pretty lengthy thread on all of the problems I had with an ASA conversion last year, that thread isn't helping me here. Nothing is working as expected.
Actually, perhaps starting at the beginning would help - do I only choose Panorama or do I also select the target firewall cluster? That point wasn't covered in the ASA video series as it was firewall to firewall with no Panorama.
Was I correct in converting all objects to Shared?
I am not sure how a object can be shared in the SRX platform but you would need to first migrate over the objects into the Panorama device and merge it then convert it to shared since that is what we use on our end. I think you may have first made it shared within the SRX environment then tried to merge it which will not work.
Ok. I have lots of snapshots pre-merge so let me check for that.
Do I have the mappings correct in the screenshot except for the Objects? If the Objects are wrong (shouldn't go to shared), where do I put them? The new cluster's DG?
Also, while the SRX doesn't do Global rules (zone-less), it does have what are called Global objects but I don't know if that's the same thing as PAN's Shared objects (all of our SRX objects are Global).
I think I've figured out when the Address Objects get jumbled from all vsys to 1568 shared. What's also strange is if I "filter" on vsys1 it shows all of them where shared only shows the ones showing shared.
What I found is that the Address Objects changed after I merged the duplicate Address Groups.
Should I just not clean anything up except invalids, merge configs, and then cleanup the duplicates? Or maybe, only cleanup the duplicates that don't cause the change to shared?
I think the Network section is pretty self-explanatory.
1) Left | Shared | Objects to Right | DG | shared (created by cleaning up duplicates)
2) Left | Objects and Left | Policies to Right | DG | CORE-FW1
3) Left | Zones (or vsys1 + zones) to Right | Template | CORE-FW1 | Device | vsys1
Alternately, as mentioned above, I could just not cleanup the object duplicates to avoid the conversion to shared and clean them up post-export-merge.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!