We are starting a massive refresh project that will require us to split existing firewall functions onto separate devices. Plan was to pull the existing configurations out of Panorama for each target device into Expedition and then alter and improve the configurations as needed there before exporting/importing to a new Panorama and the new firewalls. Having an issue pulling valid configurations out of Panorama that will import properly into Expedition. We have tried exporting "Export Panorama and devices config bundle" from Panorama to get a tar.tgz file. It will not import to Expedition without returning the error of "Invalid XML".
Hopefully someone in the community has pulled configs from Panorama and done things with that in Expedition that can help us out. In a project time crunch as most efforts always put people in. Thank you in advance.
I'm working with @johnson2 on this project, we have tried pulling the xml (using the export name configuration snapshot function) from the firewall itself, however since it's a panorama mangaged device, it did not include any rules or objects (address/services etc.). We then exported the panorama and it's devices xml from panorama, and while that gave us the rules/objects for the device we wanted (and all other devices), it did not have network information from the device. Our third attempt was to pull the device state file from the device itself, and after unzipping that, we were able to get the shared objects/rules, but when we try to import the xmls from that, we get an error in expedition stating 'The content is not a valid PANOS configuration. No version Found'
Sorry for the confusion, yes, we extracted the files from that file but as mccark said, didn't seem to matter which xml(s) we put into expedition, it either didn't have the complete configuration we needed with network details as well as policies/objects or it would come back again as invalid XML. I expect we are just putting the wrong file combination into Expedition but knowing which files form the PAN tar would be helpful for a next step. TIA!!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!