How to Replace a Managed Device (PA-3020) with a New Device (PA-850)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to Replace a Managed Device (PA-3020) with a New Device (PA-850)

L2 Linker

Hi Guys,

 

I am trying to replace a PA-3020 fierwall with a new Device (PA-850)

 

could someone maybe give me some Hints with the best Practice?

if the devices were of the same time it would have been pretty straigth-forward according to some docs released by PA.

The old PA-3020 (HA) is managed by panorama so the new device would also be managed by the same Panorama.

i m still trying to figure out just the best way to replace it losing most or any config.

The basics config such as : device registration, retrieving update, etc) have already been done.

 

This is my idea:

 

- Export /import Config snapshot, device state, etc. (from the old device to the new device)

 

- Clone existing template and try to import it to the new device could help. I am not sure whether that will work (3020->850)

  

are there other stuff i need to consider? 

anyone with a better approach ?

 i m quite open for new idea.

 

kind regards,

Gilo

1 accepted solution

Accepted Solutions

Hi @big_Gilo

 

Then it should be pretty easy. Simply add the new device to the existing device group and template (stack) and your probably already done. Depending on which interfaces you used on your 3020 you may be have to rearrange them a little. As already suggested you could also clone the device groups and templates and add the firewalls there. If you use the same templates you have to change at least the management IP (if the two devices have to run at the same time).

After you commited the settings to the new one your ready to finish the replacement (shut down the old networkports on your switches and enable the new one for the pa850 to take over.

View solution in original post

4 REPLIES 4

L7 Applicator

Do you manage the existing 3020 completery with panorama or only specific settings?

Hi @Remo : the existing 3020 is completly managed by the panorama

 

 

kind regards,

Gilo

Hi @big_Gilo

 

Then it should be pretty easy. Simply add the new device to the existing device group and template (stack) and your probably already done. Depending on which interfaces you used on your 3020 you may be have to rearrange them a little. As already suggested you could also clone the device groups and templates and add the firewalls there. If you use the same templates you have to change at least the management IP (if the two devices have to run at the same time).

After you commited the settings to the new one your ready to finish the replacement (shut down the old networkports on your switches and enable the new one for the pa850 to take over.

Hi @Remo: thanks a lot for your advice.

i will try to clone the existing device groups and template and just add the firewalls there.

that s true i have to rearrange my interfaces as on the 3020 i was using about 12 int but on the new device i m using  only 9 int so i have to figure out how to rearrange it.

 

 

 

  • 1 accepted solution
  • 3619 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!