I would like to migrate one PA 4020 EOL device which is on PAN-OS 7.1.8 and I got one new PA 3250 with 8.1.13 PAN-OS. Can someone please suggest how I can do this migration?
I appreciate your time and help.
Its best if both PAN's are on the same version. That way you can just copy the config over using export xml. Or if the config is a mess, you can start over with a new config from scratch.
You could try but even if you can get it to load it wouldn't pass validation properly and you'll need to correct all of the errors. In a situation like this I would take the chance to go through the config and just rebuild it, migrating over objects so you don't have to go through and rebuild them.
Thank you so much for your help. I will give it a try to load and fix all the error that may occur during the validation. I hope once the commit is successful that may work in production as well?
I did a config Export from my production PA4020 and load it on PA3250 and got an error for only HA interfaces. I have fixed the HA interface error and commit and it went well. So can I go-ahead to replace the firewall now or will that be any problem?
I would say yes. Obviously do it during a maintenance window and replace one at a time. Perhaps do a side by side comparison of hte two device configs just to make sure the policies and configs are same/similar.
Thank you so much for the help and support from all of of you. This old 4020 has only Firewall, NAT and OSPF routing config and has been successfully loaded to PA3250 without any error. I have validated the policy, objects, NAT etc and everything just match with existing PA4020.
Kindly let me know if there is anything I need to check before I plan this migration. Also, I have my new PA3250 on PANOS 8.1.3h as per TAC recommended version.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!