Paloalto PAN OS7.1.6 to PA 3250 8.1.13 migration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Paloalto PAN OS7.1.6 to PA 3250 8.1.13 migration

L2 Linker

Hi,

 

I would like to migrate one PA 4020 EOL device which is on PAN-OS 7.1.8 and I got one new PA 3250 with 8.1.13 PAN-OS. Can someone please suggest how I can do this migration?

 

I appreciate your time and help. 

8 REPLIES 8

L2 Linker

Hi Team,

 

Please help!!

Hello,

Its best if both PAN's are on the same version. That way you can just copy the config over using export xml. Or if the config is a mess, you can start over with a new config from scratch.

 

Regards,

Thank you. Can I try to load the config on new PA-3250 if that can take the config from 7.1.6.8?

@JyotiPrakash,

You could try but even if you can get it to load it wouldn't pass validation properly and you'll need to correct all of the errors. In a situation like this I would take the chance to go through the config and just rebuild it, migrating over objects so you don't have to go through and rebuild them. 

Thank you so much for your help. I will give it a try to load and fix all the error that may occur during the validation. I hope once the commit is successful that may work in production as well?

 

 

Hi,

I did a config Export from my production PA4020 and load it on PA3250 and got an error for only HA interfaces. I have fixed the HA interface error and commit and it went well. So can I go-ahead to replace the firewall now or will that be any problem?

Hello,

I would say yes. Obviously do it during a maintenance window and replace one at a time. Perhaps do a side by side comparison of hte two device configs just to make sure the policies and configs are same/similar.

 

Regards,

Thank you so much for the help and support from all of of you. This old 4020 has only Firewall, NAT and OSPF routing config and has been successfully loaded to PA3250 without any error. I have validated the policy, objects, NAT etc and everything just match with existing PA4020. 

 

Kindly let me know if there is anything I need to check before I plan this migration. Also, I have my new PA3250 on PANOS 8.1.3h as per TAC recommended version. 

  • 4772 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!