I did an APP-ID migration from Panorama using the Migration Tool 3.0.
Here are the details of my setup:
1. All policies were configured/pushed through the Panorama DG; the firewall did not have a local policy.
2. All logs were forwarded to Panorama, and Panorama can see the traffic logs.
3. The firewall is a PA-7050 and Panorama is an M-100.
Here are some caveats I learned:
- Make sure you are using the latest version of the Migration Tool 3.0. The older version still had some issues reading logs from Panorama; the latest is best.
- In the log connector section, for the connected device choose the actual firewall, not Panorama.
- The log source should be Panorama.
- If possible, the machine running Migration Tool 3.0 should have local connectivity to Panorama to reduce the latency.
- In my previous experiences with the tool I was using a VPN to connect to Panorama, which caused the tool to get stuck during the APP-ID migration process.
- Start the log period with small intervals to make sure it works first, then switch to a longer time frame such as 30 days.
Please let me know if you have any questions about my experience using the tool!
Thanks,
Jimmy