This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

SD-WAN Hardware Change / Migration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SD-WAN Hardware Change / Migration

bschaper
L2 Linker

‎09-22-2021 07:56 AM

We have been running SD-WAN since release a year or so ago, regular PAN-OS SD-WAN not Prisma SD-WAN.  All the sites were deployed with PA-220 at the time, but we are rolling more sites in and I need to swap a couple of the PA-220s with a PA-440.

 

Anyone done a hardware replacement of an SD-WAN device, that is being repurposed?  I followed along the migration guide, and I am afraid that the SD-WAN connection will break as soon as I commit.  Most of the settings are tied to the device in Panorama, and I am not confident that just loading an export will be enough, as behind the scenes the config is probably tied to the serial number.  I can think of a couple ways but they all seem more painful and error prone than they should be.

0 Likes Likes
2 REPLIES 2

rdonohoe23
L2 Linker

‎09-23-2021 11:46 PM

Hi Mate, 

Export the device state from the PA-220 and import and load through the CLI to the PA-400 series, that will have the merged configuration from Panorama. Make sure Panorama is running 10.1.x if adding in a PA-440. Connect the PA-440 to Panorama (point towards and add in auth key). Remove the PA-220 from the templates and device groups, and check the box for the PA-400 series.

If mission critical network I would look for a maintenance window. 

//

Import device state (firewall only)

Import the device state information that was exported using the Export device state option. This includes the current running config, Panorama templates, and shared policies. If the device is a Global Protect Portal, the export includes the Certificate Authority (CA) information and the list of satellite devices and their authentication information.

//

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRcCAK

 

 

best regards

Rob 

0 Likes Likes

bschaper
L2 Linker
In response to rdonohoe23

‎09-25-2021 08:55 AM

Have you tried this with a SD-WAN configuration?  The plug-in in Panorama has part of the configuration, and the device needs to be added there as well, along with deploying the sdwan plugin. I am afraid future commits will just break it. 

0 Likes Likes
  • 2662 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks