06-26-2022 12:28 PM
Hi @ali426 ,
Yes, you should be able to achieve what you need. I would suggest you use the Palo Alto configuration migration tool Expedition - https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall/migration-tool
Check the Live community for some guides - https://live.paloaltonetworks.com/t5/expedition/ct-p/migration_tool
What I would suggest you do is:
- Export ASA running configuration as well as the running config of the target Palo Alto FW.
- Create a new project in Expedition and import both configurations.
- You will use the PAN FW config as base config, from which you can keep all the settings you want
- Expedition will do the heavy lifting of converting all the objects and all rules.
  Note: I would encourage you to review the converted rules and fine-tune them before exporting to the PAN FW.
- Using the PAN FW config as the base config, merge the objects and the security and NAT rules from the ASA config.
The process of merging and generating the final config for import to the PAN FW could be a bit confusing if you haven't used Expedition, but I would recommend you check the Live community; the official Palo Alto YouTube channel also has an entire playlist for what you want to achieve - https://www.youtube.com/watch?v=-gbQ-YcgoPs&list=PLD6FJ8WNiIqVez8EBeoyRsnQcKTA5FuZ-&ab_channel=PaloA...