PA config replication through Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA config replication through Panorama

L2 Linker

Hi All,

 

I am looking for a method to replicate the configuration of one of our virtual firewalls to a physical firewall through Panorama device-groups and templates.

 

Let me explain the setup:

We have a core firewall with multiple vsys enabled, and one of these vsys is our external (internet) vsys. Now due to capacity issues, we need to replace this external vsys with a physical PA-5260 firewall (different hostname). The configurations would remain the same as in the external vsys and after migration vsys will be shut.

All the firewalls in the environment are manged by Panorama. The current external vsys is part of an existing device-groups and templates. Now I am looking for the best way to replicate the configurations from the current vsys to the phsyical firewall during productions cutover.

Is there a method to copy the security policies, nats, firewall settings from the old vsys to the new firewall through device-group or templates and during prod cutover, shut down the vsys and re-cable to the phsyical firewall and have the same configurations on it?

Any help would be highly appreciated.

 



Thanks & Regards,
Varun Rao
3 REPLIES 3

L2 Linker

There is a dedicated tool for migrations beetwen PAN and 3rd party vendors - Expedition

I am not moving from a different vendor to palo alto.  I am moving from a multi-vsys setup to a physical palo alto 5260 firewall.



Thanks & Regards,
Varun Rao

L2 Linker

Expedition is useful for any migration, between PAN also.

Load partial config can be use as well.

  • 2591 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!