My Experience Using the Migration Tool 3.0 for an APP-ID Migration from Panorama Log

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
L1 Bithead

I did an APP-ID migration from Panorama using the Migration Tool 3.0.


Here are the details of my setup:

1. All policies configured/pushed through Panorama DG, the firewall did not have a local policy.

2. All log were forwarded to Panorama and Panorama can see the traffic logs.

3. The firewall is a PA-7050 and Panorama is M-100.

Here are some caveats I learned:

  • Make sure you are using the latest version of the Migration Tool 3.0. The older version still had some issues reading logs from Panorama, the latest is best.
  • In the log connector section and for the connected device chose the actual firewall, not Panorama.
  • The log source should be Panaroma.
  • If possible, the machine running Migration Tool 3.0 should have local connectivity to Panorama to reduce the latency.
  • In my previous experiences with the tool I was using VPN to connect Panorama, which caused the tool to get stuck during the APP-ID migration process.
  • Start the log period with small intervals to make sure it works first, then switch to a longer time frame such as 30 days.

Please let me know if you have any questions about my experience using the tool!

Thanks,

Jimmy

1 Comment
L7 Applicator

Thanks for sharing the outline.  Very helpful.

  • 10559 Views
  • 1 comments
  • 1 Likes
Register or Sign-in