Issue exporting a complete configuration out of Panorama to put into Expedition

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issue exporting a complete configuration out of Panorama to put into Expedition

L1 Bithead

We are starting a massive refresh project that will require us to split existing firewall functions onto separate devices. Plan was to pull the existing configurations out of Panorama for each target device into Expedition and then alter and improve the configurations as needed there before exporting/importing to a new Panorama and the new firewalls. Having an issue pulling valid configurations out of Panorama that will import properly into Expedition. We have tried exporting "Export Panorama and devices config bundle" from Panorama to get a tar.tgz file. It will not import to Expedition without returning the error of "Invalid XML".

 

Hopefully someone in the community has pulled configs from Panorama and done things with that in Expedition that can help us out. In a project time crunch as most efforts always put people in. Thank you in advance.

5 REPLIES 5

L4 Transporter

I believe expedition just takes a config snapshot (the Panorama xml config file rather than a tarball).

Cyber Elite
Cyber Elite

@Nick_Johnson ,

@cstancill is correct. You don't want to use anything other than the actual XML file in Expedition otherwise the import will fail. Just grab the XML file and everything should function perfectly fine. 

I'm working with @johnson2 on this project, we have tried pulling the xml (using the export name configuration snapshot function) from the firewall itself, however since it's a panorama mangaged device, it did not include any rules or objects (address/services etc.). We then exported the panorama and it's devices xml from panorama, and while that gave us the rules/objects for the device we wanted (and all other devices), it did not have network information from the device. Our third attempt was to pull the device state file from the device itself, and after unzipping that, we were able to get the shared objects/rules, but when we try to import the xmls from that, we get an error in expedition stating 'The content is not a valid PANOS configuration. No version Found'

Sorry for the confusion, yes, we extracted the files from that file but as mccark said, didn't seem to matter which xml(s) we put into expedition, it either didn't have the complete configuration we needed with network details as well as policies/objects or it would come back again as invalid XML. I expect we are just putting the wrong file combination into Expedition but knowing which files form the PAN tar would be helpful for a next step. TIA!!

Did you get any further on this? 

I'm attempting to do the same thing but i've run into exactly the same issues. 

  • 5431 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!