09-23-2020 10:37 AM
Hello
If I wanted to migrate from Checkpoint to Palo with Panorama, but not use Expedition, what would be the general steps?
Thank you for your time.
09-29-2020 01:09 AM
Well @MrWonderful ,
You can still use the Expedition tool to do the bulk work and convert all network objects and apply them on the new firewall. That way you can configure the rules one by one manually. I would still suggest to to use Expedition for the rules, adjust the rules (replace known ports with applications, remove unused rules etc), generate set commands and apply them on the new FW manually.
09-23-2020 06:58 PM
You would essentially be rebuilding the entire configuration and duplicating what you already have configured on the checkpoint. That's actually a good thing in my mind because it gives you a chance to review your existing configuration and only move over what you actually currently need, while also "palotizing" the configuration.
09-24-2020 03:33 PM
Hi @BPry ,
Fully agree with the review and the "palotization", but I would still use the Expedition and do the review there. Remove what is not required, replace ports with applications and etc an then generate PAN config.
@MrWonderful "Work smart, not hard" - why would you prefer to waist time and energy in configuring all of the objects and rules when the tool do it for you with a blink of an eyes?
09-28-2020 04:57 AM
@aleksandar.astardzhiev Long story short....because my employer is making me do it that way.
09-29-2020 01:09 AM
Well @MrWonderful ,
You can still use the Expedition tool to do the bulk work and convert all network objects and apply them on the new firewall. That way you can configure the rules one by one manually. I would still suggest to to use Expedition for the rules, adjust the rules (replace known ports with applications, remove unused rules etc), generate set commands and apply them on the new FW manually.
09-30-2020 05:32 AM
I would use the Expedition for the initial import and massage the configuration from there. Depending on your DB it's a lot of work to recreate a policy set and you are bound to make some copy/paste errors. With the bulk change tools in Expedition it's easy to change context, names and add policies to zones.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
