10-06-2021 05:18 PM
Hello Everyone,
I have a well developed PA based network, with a single interface and many sub interfaces, trunking to my switches.
I need to change this to an aggregated interface, with all the same sub interfaces I currently have.
What options do I have to convert everything over from the current interface with TONS of sub interfaces, zones, policies, etc - to an aggregated interface with all the same duplicated sub interfaces, and associated functionality?
What all do I need to think about and make sure I cover in this transition?
I hope there's an easy way because re-doing everything by hand would take a horrendous amount of time!
Looking forward to hearing your suggestions. Thank you!
10-27-2021 11:08 AM
Thanks for the input everyone! I ended up setting up a new aggregate trunk and painstakingly deleting each subinterface, re-adding it as an aggregate sub interface, while using the same vlan/zone ids. I deleted the old trunk once all traffic was using the aggregate trunk. Seems to have worked well! Thanks again.
10-23-2021 05:19 AM
Hello there...
May not be the best news, but a Professional Services engagement would be able to scope this out. As you said, it would take a long time, so maybe this is one of those times to "leave it to the professionals" 😛 Seriously though, we could all provide you different ideas and suggestions, but a PS engagement for 2 days would probably allow enough time for PANW or your reseller to do this for you.
10-25-2021 02:05 AM
@pomologist This is indeed a tricky one. When I deploy a new firewall with sub interfaces I always use an aggregated interface, even with just 1 member. This makes any future changes easier.
But in your case, one option is to take the set commands for the old subinterface, then modify them by replacing the name with ae and apply them to the aggregate interface. It will involve deleting the old interface, creating the new ae interface and applying the modified set commands. It is a bit fiddly and prone to errors, but it can be done.
Another option is to try the rename interface feature of the Expedition tool. Again it is not easy to work with and prone to errors. Maybe option one would be easier, if you don't have good experience using Expedition.
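The first option in the reply above, sketched as an added example (not code from the thread or from Palo Alto Networks): it rewrites exported set commands for one parent interface onto an aggregate, matching whole tokens so that ethernet1/1 is never confused with ethernet1/10. The function name, the interface names ethernet1/1 and ae1, and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample of "set"-format configuration (not taken from the thread).
SAMPLE = """\
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.100 tag 100
set network interface ethernet ethernet1/1 layer3 units ethernet1/1.100 ip 10.0.100.1/24
set network interface ethernet ethernet1/10 layer3 ip 192.0.2.1/30
set zone users network layer3 [ ethernet1/1.100 ethernet1/1.200 ]
set network virtual-router default interface [ ethernet1/1.100 ethernet1/10 ]
"""


def rewrite_for_aggregate(config, old="ethernet1/1", new="ae1"):
    """Return (rewritten, untouched) lists of set commands.

    Only whole tokens equal to `old` or `old.<unit>` are renamed, so
    ethernet1/1 never matches inside ethernet1/10 or ethernet1/11.5.
    """
    # Token starts after whitespace and ends right after `old` or `old.<digits>`.
    token = re.compile(r"(?<!\S)" + re.escape(old) + r"(?=(?:\.\d+)?(?!\S))")
    rewritten, untouched = [], []
    for line in config.splitlines():
        if not token.search(line):
            untouched.append(line)  # belongs to some other interface
            continue
        # The parent hierarchy node changes type as well as name.
        line = line.replace(f"interface ethernet {old} ",
                            f"interface aggregate-ethernet {new} ")
        rewritten.append(token.sub(new, line))
    return rewritten, untouched


if __name__ == "__main__":
    changed, kept = rewrite_for_aggregate(SAMPLE)
    print("\n".join(changed))
    print(f"# {len(kept)} line(s) left unchanged")
```

Compare the rewritten commands against the running configuration before loading them, since zones and virtual routers that still reference the old subinterfaces will block its deletion.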