08-10-2017 08:05 AM
Hi Guys,
I am trying to replace a PA-3020 fierwall with a new Device (PA-850)
could someone maybe give me some Hints with the best Practice?
if the devices were of the same time it would have been pretty straigth-forward according to some docs released by PA.
The old PA-3020 (HA) is managed by panorama so the new device would also be managed by the same Panorama.
i m still trying to figure out just the best way to replace it losing most or any config.
The basics config such as : device registration, retrieving update, etc) have already been done.
This is my idea:
- Export /import Config snapshot, device state, etc. (from the old device to the new device)
- Clone existing template and try to import it to the new device could help. I am not sure whether that will work (3020->850)
are there other stuff i need to consider?
anyone with a better approach ?
i m quite open for new idea.
kind regards,
Gilo
08-10-2017 09:52 AM
Hi @big_Gilo
Then it should be pretty easy. Simply add the new device to the existing device group and template (stack) and your probably already done. Depending on which interfaces you used on your 3020 you may be have to rearrange them a little. As already suggested you could also clone the device groups and templates and add the firewalls there. If you use the same templates you have to change at least the management IP (if the two devices have to run at the same time).
After you commited the settings to the new one your ready to finish the replacement (shut down the old networkports on your switches and enable the new one for the pa850 to take over.
08-10-2017 09:29 AM
Do you manage the existing 3020 completery with panorama or only specific settings?
08-10-2017 09:52 AM
Hi @big_Gilo
Then it should be pretty easy. Simply add the new device to the existing device group and template (stack) and your probably already done. Depending on which interfaces you used on your 3020 you may be have to rearrange them a little. As already suggested you could also clone the device groups and templates and add the firewalls there. If you use the same templates you have to change at least the management IP (if the two devices have to run at the same time).
After you commited the settings to the new one your ready to finish the replacement (shut down the old networkports on your switches and enable the new one for the pa850 to take over.
08-10-2017 10:08 AM
Hi @Remo: thanks a lot for your advice.
i will try to clone the existing device groups and template and just add the firewalls there.
that s true i have to rearrange my interfaces as on the 3020 i was using about 12 int but on the new device i m using only 9 int so i have to figure out how to rearrange it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
