Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-14-2021 02:31 PM
Team,
This is my first time to post a question and this is my first experience with Palo devices. I am running Expedition version 1.1.98. What I am trying to do is take my existing ASA configuration and eventually merge it with a base Palo (9.1) configuration that I will eventually load on a new Palo 820. I created a project, imported my palo base configuration, and imported my ASA configuration via txt. Then I went through and started correcting the invalid and duplicated objects. While there are no more "red" counters in my statistics I am seeing that Expedition has listed all 88 of the services as "unused". Is this normal? I suppose that the services would be replaced by Palo services but since this is my first go around I am not sure. Thanks for your help.
06-24-2021 11:07 AM
Hello @Thom199
Thanks for reaching out to the community and welcome. Yes it is common to have services as unused as our services are used in multiple areas and are referenced to a single service where if you import a Cisco ASA configuration you might have the same service referenced multiple times using multiple objects. Expanding upon that if you are referencing BGP over TCP 179 you may have 3 services being referenced within your configuration, where as in PAN we reference that as 1 single service so this also helps in cleaning up your firewall I hope that makes sense.
Here is the YouTube video on a Cisco ASA migration that might help you with your migration.
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
06-24-2021 11:07 AM
Hello @Thom199
Thanks for reaching out to the community and welcome. Yes it is common to have services as unused as our services are used in multiple areas and are referenced to a single service where if you import a Cisco ASA configuration you might have the same service referenced multiple times using multiple objects. Expanding upon that if you are referencing BGP over TCP 179 you may have 3 services being referenced within your configuration, where as in PAN we reference that as 1 single service so this also helps in cleaning up your firewall I hope that makes sense.
Here is the YouTube video on a Cisco ASA migration that might help you with your migration.
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-
07-01-2021 06:58 PM
Thank you very much. Your explanation is very helpful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
