This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PA-200 to PA-440 running-config migration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-200 to PA-440 running-config migration

MYE-Support
L0 Member

‎08-10-2023 05:26 AM

Is it possible to migrate a running-config from a PA-200 to PA-440 smoothly or would we have to manually configure some settings?

 

First issue is that the PA-200 is using PAN-OS version 8.x whilst the PA-440 is using PAN-OS 10.1, meaning we would likely have to use expedition based on research, correct?

 

Secondly seeing that the PA-200 has 4 ports that we have already configured, would it overwrite the ZTP port of the PA-440? What consequences would there be if we were to overwrite that interface?

 

Are there also any other configurations we should have to configure manually due to differences between the 2 firewalls? E.G. We would have to configure at minimum 3 ethernet ports after a potential migration avoiding overlapping of interface 1, leaving ports 6 7 & 8 requiring configuration. Is it possible to a running-config at all between the 2 without encountering much errors?

 

Are there any other considerations we should make whilst attempting to migrate the running-config of the PA-200 to PA-440?

Any help is appreciated!

0 Likes Likes
2 REPLIES 2

ozheng
L4 Transporter

‎08-10-2023 06:25 AM

Hello MYE-Support,

 

Do you manage the PA-200 using Panorama?

If yes, you can add the PA-400, then put in the same template / DG as the PA-200.

 

Otherwise, you can export the config from the PA-200, import it to the PA-400, then commit / correct the errors (if any).

Olivier

PCSNE - CISSP

Best Effort contributor

Check out our PANCast Channel

Disclaimer : All messages are my personal ones and do not represent my company's view in any way.

0 Likes Likes

TomYoung
Cyber Elite
Cyber Elite

‎08-10-2023 08:36 AM

Hi @MYE-Support ,

 

  1. You can upgrade the PA-220 to 10.1.  You do not have to use Expedition unless you want to.  It is very easy to export the config from PA-220 and import into PA-440.  I expect little or no errors on commit.  Please verify the management interface settings before commiting.
  2. You can disable ZTP on the command line before the import.

I have exported and imported configs from many NGFWs with different models.  In most cases, the config is exactly the same.  Some people prefer to export and import the device state, but I haven't noticed any difference.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 1673 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks