This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Migrating from PA-5250 to PA-5410

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Migrating from PA-5250 to PA-5410

MAerre
L1 Bithead

‎09-11-2024 02:25 AM

Hello folks,

 

i need to migrate from PA-5250 to PA-5410, the old devices are managed via panorama using stack and stack template, the new devices are reachable with no configuration other than the management.

What is the best way to move the configuration from the PA-5250 to the new PA-5410 with less effort?

Can i just add the 5410 in the existent template stack and push all the configuration?

Following a screenshot of the actual template stack.

I'm not expert in template so i need some help.

 

Thank you

PA.jpg

Bye

Preview file
101 KB
0 Likes Likes
2 REPLIES 2

PavelK
Cyber Elite
Cyber Elite

‎09-11-2024 04:56 AM

Hello @MAerre

 

thanks for post!

 

Yes, adding a new PA-5410 to existing Template Stack should be enough to push the configuration. I have done a few similar migrations in the past and except of some corner cases I have not faced any major issue.

 

Below are my thoughts how I would proceed with the migration.

 

1.) Make sure that new PA-5410 has all licenses / subscriptions activated. Also make sure that it has latest App/Threat package installed and running preferred PAN-OS.

 

2.) Add PA-5410 to the same Template Stack as PA-5250. Also do not forget to place PA-5410 to the same Device Group. Push Template and Device group configuration. If you are using Panorama also for collecting logs, do not forget to add PA-5410 to Panorama's log collector.

 

3.) Arrange maintenance window for cut over and move data plane cables from PA-5250 interfaces to PA-5410 interfaces. Be ready to clear ARP table in Layer 3 switch in the case GARP does not work.

 

4.) Clean up PA-5250 configuration from Panorama and decommission device.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎09-11-2024 05:00 AM

Hi @MAerre ,

 

You should export and import the NGFW configuration 1st.  This will migrate any local configuration.  You will change the management IP address, of course.  Then you can connect it to Panorama; add it to the same device group and template stack; and push the config.  That should do it.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 75 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks