Install of Panorama *AND* importing configs from existing 3050's

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Install of Panorama *AND* importing configs from existing 3050's

Not applicable

Greetings

We already have our HA pair of 3050's installed and running in the network. We now have (after the fact) purchased Panorama in order to manage an upcoming DR site as well as the existing pair. Has anyone attempted to import configs into Panorama from existing configs on 3050's (running 5.0.8) and completed it successfully? Or is this going to be a massive effort in setting it up manually?

6 REPLIES 6

Not applicable

We purchased the 3050's first, and configured them. They are running in production currently. We have since purchased Panorama. We are about to install Panorama. Instead of creating configurations from Panorama from scratch to then push down to the 3050's, we are looking for a way to upload the configs from the 3050's to Panorama to then start all future managing of the configs from Panorama

Hello daugust@simplexity.com,

There are couple of ways to accomplish this:

1.) Adopting a semi-manual approach and you can refer the following document for the same:

How to Import Palo Alto Networks Firewall Configurations into Panorama

2.) Converting a device rulesbase into Panorama rule base by referring to the following document:

Conversion of Device Rulebase to Panorama Rulebase

3.) I believe the migration tool currently supports this capability.Another option is to use the dev center script example that can help with the process:

PAN FW to Panorama Policy and Object Migration Script Pack

Hope these suggestions help you!

Thanks and regards,

Kunal Adak

Thanks for the guides.. I will follow and report on our experiences with it...

L4 Transporter

Apologies to all but this really touches a nerve for me.

We did the same thing the original poster did... we bought a few Palo Altos to make sure they performed reasonably well, and then later on we stood up Panorama.

In my opinion it is a ridiculous oversight in Panorama that the product doesn't inherently include the ability to import devices that it attaches to!

I get that hacky scripts exist, I get that it's possible with comunity written Python scripts, but that answer honestly falls short of what I would expect from an enterprise firewall company's centralized management platform.

If there's a feature request for Panorama 6.0 for this functionality sign me up!

Someone from Palo Alto sent a PM to me, and said the feature request ID for this feature is 493. I reached out to my SE and asked that we be added; I suggest you guys do the same. I'd really like to see device import added.

I can only agree with you - importing a current configuration should be a nobrainer for a mgmttool such as the Panorama.

*keeps fingers crossed that this will arrive in Panorama 6.0*

  • 3548 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!