Thank you for reply @zinkt101
Before you start migration, could you set the download schedule of Wildfire to: "None" on both Firewalls, then start with migration over? If it succeed, then after migration you can change Wildfire scheduler from Panorama via Template.
Hi @zinkt101 , I had a similar issue recently when attempting to migrate a 3250 HA pair (10.0.8-h4) to Panorama 10.1.3. I was able to complete the push and commit however anything that uses a password or secret such as a IKE Gateway pre-shared key didn't work. The resultant outage was significant with over 100 IPSec VPN's configured so I quickly reverted the 3250's to their original device state.
I suspected someone had set a new Master Key however that wasn't the case. I then compared the encrypted values for passwords and pre-shared keys between firewalls and Panorama and they were indeed different. I know Panorama 10.1.3 doesn't support firewalls running 10.1.0 - 10.1.2 (Panorama Admin Guide) however I can't find official word that 10.0.X isn't supported either.
Downgrading isn't really an option as 10.0 becomes end of life in July this year so next step is trying the process again with an eval VM running 10.0.8-h4 loaded with very similar config to the 3250's and see if the same result occurs. Following on from that I will upgrade Panorama and the VM to 10.1.5-h1 to see if the issue is resolved.
I have another 15 x 440's on Satellite links to migrate so need to make sure the process is error free.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!