Unused ASA Services after Expedition import


L0 Member

Team,

This is my first time posting a question and this is my first experience with Palo devices. I am running Expedition version 1.1.98. What I am trying to do is take my existing ASA configuration and eventually merge it with a base Palo (9.1) configuration that I will eventually load on a new Palo 820. I created a project, imported my Palo base configuration, and imported my ASA configuration via txt. Then I went through and started correcting the invalid and duplicated objects. While there are no more "red" counters in my statistics, I am seeing that Expedition has listed all 88 of the services as "unused". Is this normal? I suppose that the services would be replaced by Palo services, but since this is my first go-around I am not sure. Thanks for your help.

Accepted Solutions

L4 Transporter

Hello @Thom199

Thanks for reaching out to the community, and welcome. Yes, it is common to have services as unused, as our services are used in multiple areas and are referenced to a single service, where if you import a Cisco ASA configuration you might have the same service referenced multiple times using multiple objects. Expanding upon that, if you are referencing BGP over TCP 179 you may have 3 services being referenced within your configuration, whereas in PAN we reference that as 1 single service, so this also helps in cleaning up your firewall. I hope that makes sense.

Here is the YouTube video on a Cisco ASA migration that might help you with your migration.

https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-

Thank you very much.  Your explanation is very helpful.
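
The consolidation the accepted answer describes (several ASA service objects for BGP over TCP 179 collapsing to one service), as an added example that is not part of the thread and is not Expedition's own logic: the Python below parses ASA `object service` blocks and groups object names that share the same protocol and destination port. The sample configuration, the object names and the `NAMED_PORTS` table are constructed for illustration, and only destination-only `eq`/`range` definitions are handled.

```python
import re
from collections import defaultdict

# Constructed sample in Cisco ASA "object service" syntax (not from the thread).
SAMPLE_ASA = """\
object service BGP-PEERING
 service tcp destination eq 179
object service TCP-179
 service tcp destination eq bgp
object service bgp_core
 service tcp destination eq 179
object service WEB-ALT
 service tcp destination range 8080 8088
object service SYSLOG
 service udp destination eq 514
"""

# Small, assumed subset of ASA port keywords; extend for your own configuration.
NAMED_PORTS = {"bgp": 179, "www": 80, "https": 443, "ssh": 22, "domain": 53}

OBJ_RE = re.compile(r"^object service (\S+)\s*$")
SVC_RE = re.compile(r"^\s+service (tcp|udp) destination (?:eq (\S+)|range (\S+) (\S+))\s*$")

def port(tok):
    """Resolve a numeric or named port; unknown names are kept as text."""
    return int(tok) if tok.isdigit() else NAMED_PORTS.get(tok.lower(), tok.lower())

def parse_services(text):
    """Return {object name: (protocol, low port, high port)}."""
    services, current = {}, None
    for line in text.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif current and (m := SVC_RE.match(line)):
            proto, eq, lo, hi = m.groups()
            services[current] = (proto, port(eq or lo), port(eq or hi))
            current = None
        elif not line.startswith(" "):
            current = None  # another top-level command ends the object block
    return services

def duplicate_groups(services):
    """Group object names sharing one definition; keep groups of two or more."""
    groups = defaultdict(list)
    for name, key in services.items():
        groups[key].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (proto, lo, hi), names in duplicate_groups(parse_services(SAMPLE_ASA)).items():
        print(f"{proto}/{lo}-{hi}: {', '.join(names)}")
```

Each group it reports is a set of objects to review as candidates for a single service before the merged configuration is loaded.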
