3.1 Policy Deployment

Printer Friendly Page

3.1 Policy Deployment


This activity results in Level 4 rule conversion in support of a migration from a legacy firewall to a Palo Alto Networks security platform.


The goal of this activity is to modify the original rule base as little as possible, in order to focus the change over two main factors:

  • New hardware platform
  • New software (PAN-OS)


Even though security rules will use networking concepts up to Layer 4, the App-ID engine will be active and working in the background for traffic identification. 


Tasks can include:

  • Pre-cutover configurations
  • IPSec VPNs



  • Backup copies of all converted firewall configurations 
  • Configuration, Migration according to the migration plan
  • Converted policy set with minimal use of App-ID. This should be reviewed with the customer


Consultant Collateral: Policy Migration Best Practices

  • Cisco ASA
  • Juniper SRX
  • Checkpoint 
  • Fortinet
Ask Questions Get Answers Join the Live Community
Version history
Revision #:
2 of 2
Last update:
‎07-02-2020 11:22 AM
Updated by: