PA config replication through Panorama

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

PA config replication through Panorama

Hi All,

 

I am looking for a method to replicate the configuration of one of our virtual firewalls to a physical firewall through Panorama device-groups and templates.

 

Let me explain the setup:

We have a core firewall with multiple vsys enabled, and one of these vsys is our external (internet) vsys. Now due to capacity issues, we need to replace this external vsys with a physical PA-5260 firewall (different hostname). The configurations would remain the same as in the external vsys and after migration vsys will be shut.

All the firewalls in the environment are manged by Panorama. The current external vsys is part of an existing device-groups and templates. Now I am looking for the best way to replicate the configurations from the current vsys to the phsyical firewall during productions cutover.

Is there a method to copy the security policies, nats, firewall settings from the old vsys to the new firewall through device-group or templates and during prod cutover, shut down the vsys and re-cable to the phsyical firewall and have the same configurations on it?

Any help would be highly appreciated.

 



Thanks & Regards,
Varun Rao
Senior Security Engineer, Victoria | Australia | NTT





Highlighted

There is a dedicated tool for migrations beetwen PAN and 3rd party vendors - Expedition

Highlighted
L2 Linker

I am not moving from a different vendor to palo alto.  I am moving from a multi-vsys setup to a physical palo alto 5260 firewall.



Thanks & Regards,
Varun Rao
Senior Security Engineer, Victoria | Australia | NTT





Highlighted

Expedition is useful for any migration, between PAN also.

Load partial config can be use as well.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!