User ID and Expedition

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

User ID and Expedition

L1 Bithead

I am doing a migration from ASA. All seems to be ok in Expedition so far. However the Objects < User ID tab is blank and mentions something about API. There is also a Plugins < User ID section which is also blank.

 

The ASA config has lots of user id dependencies built into the rules/policies. I have not been able to find any documentation that goes deep enough into the current version of Expedition to be worthwhile and nothing out there that I have found talks about the User ID function within Expedition.

 

The customer is concerned that the policies aren't migrating over with a 1:1 ruleset using User ID against their Active Directory environment like the rules did on their ASA. In the end we will have over 10k rules so going back into panorama and adding the user id component to every rule is not an option.

 

We have taken the step of adding all of the AD Groups in the Group Mappings section of the Panorama that are referenced in the ASA config.

 

Can anyone help provide a "how to" on migrations from ASA to PAN when the ASA rules already have and must keep the User ID variable in them?

 

1 REPLY 1

L6 Presenter

Hi @micharr User-ID migration from ciscoasa is not supported by Expedition.  Please see supported objects :

https://live.paloaltonetworks.com/t5/expedition-articles/expedition-supported-3rd-party-vendor-matri...

 

  • 989 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!