Transitioning from a physical interface with sub interfaces, to aggregated interface with sub interfaces


L2 Linker

Hello Everyone,

I have a well-developed PA based network, with a single interface and many sub interfaces, trunking to my switches.

I need to change this to an aggregated interface, with all the same sub interfaces I currently have.


What options do I have to convert everything over from the current interface with TONS of sub interfaces, zones, policies, etc - to an aggregated interface with all the same duplicated sub interfaces, and associated functionality?

What all do I need to think about and make sure I cover in this transition?

I hope there's an easy way because re-doing everything by hand would take a horrendous amount of time!

 

Looking forward to hearing your suggestions.  Thank you!

1 ACCEPTED SOLUTION


L2 Linker

Thanks for the input everyone!  I ended up setting up a new aggregate trunk and painstakingly deleting each subinterface, re-adding it as an aggregate sub interface, while using the same vlan/zone ids. I deleted the old trunk once all traffic was using the aggregate trunk. Seems to have worked well!  Thanks again.


3 REPLIES

Cyber Elite

Hello there...

May not be the best news, but a Professional Services engagement would be able to scope this out.  As you said, it would take a long time, so maybe this is one of those times to "leave it to the professionals" 😛  Seriously though, we could all provide you different ideas and suggestions, but a PS engagement for 2 days would probably allow enough time for PANW or your reseller, to do this for you.


L3 Networker

@RSteffens This is indeed a tricky one. When I deploy a new firewall with sub interfaces I always use an aggregated interface, even with just 1 member. This makes any future changes easier.

But in your case, one option is to take the set commands for the old subinterface, then modify them by replacing the name with ae and apply them to the aggregate interface. It will involve deleting the old interface, creating the new ae interface and applying the modified set commands. It is a bit fiddly and prone to errors, but it can be done.

Another option is to try the rename interface feature of the Expedition tool. Again it is not easy to work with and prone to errors. Maybe option one would be easier, if you don't have good experience using Expedition.
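The set-command rewrite described in the reply above, as an added example (not code from the thread or from Palo Alto Networks). The interface names `ethernet1/1` and `ae1`, the sample configuration and the exact shape of the `set` lines are constructed assumptions to check against the firewall's own set-format output. The audit step lists any renamed subinterface that ended up without a zone or virtual router, because zone-based policies stop matching an interface that falls out of its zone.

```python
import re

# Constructed sample in PAN-OS "set" format; not taken from the thread.
SAMPLE = """\
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.100 tag 100
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.100 ip 10.0.100.1/24
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.200 tag 200
set network interface ethernet ethernet1/10 layer3 ip 192.0.2.1/30
set network virtual-router default interface [ ethernet1/1.100 ethernet1/1.200 ethernet1/10 ]
set zone users network layer3 ethernet1/1.100
set zone servers network layer3 [ ethernet1/1.200 ]
"""

def rewrite(config, old="ethernet1/1", new="ae1"):
    """Rename old.N subinterfaces to new.N; return (lines, {old_name: new_name})."""
    # Match "old.<tag>" only as a whole name, so ethernet1/10 and ethernet1/11.5 are untouched.
    sub = re.compile(r"(?<![\w/.])" + re.escape(old) + r"\.(\d+)(?![\w.])")
    # Assumed shape: a subinterface definition's parent path moves under aggregate-ethernet.
    parent = re.compile(r"^set network interface ethernet " + re.escape(old) + r" (?=layer3 units )")
    out, mapping = [], {}
    for line in config.splitlines():
        for m in sub.finditer(line):
            mapping[m.group(0)] = f"{new}.{m.group(1)}"
        line = parent.sub(f"set network interface aggregate-ethernet {new} ", line)
        out.append(sub.sub(lambda m: f"{new}.{m.group(1)}", line))
    return out, mapping

def audit(lines, mapping, old="ethernet1/1"):
    """Report renamed subinterfaces with no zone or virtual router, and leftover old names."""
    new_names = set(mapping.values())
    zoned, routed, leftovers = set(), set(), []
    for line in lines:
        tokens = set(line.split())
        if line.startswith("set zone "):
            zoned |= tokens & new_names
        elif line.startswith("set network virtual-router "):
            routed |= tokens & new_names
        if any(t.startswith(old + ".") for t in tokens):
            leftovers.append(line)
    return {"no_zone": sorted(new_names - zoned),
            "no_vr": sorted(new_names - routed),
            "leftovers": leftovers}

if __name__ == "__main__":
    new_lines, mapping = rewrite(SAMPLE)
    print("\n".join(new_lines))
    print(audit(new_lines, mapping))
```

Run the audit on the rewritten lines before loading them; an empty result for all three keys means every subinterface kept its zone and virtual router and no reference to the old name remains.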
