Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Hi @ali426 ,

Yes, you should be able to achieve what you need. I would suggest you to use the Palo Alto configuration migration tool Expedition -

 Check the Live community for some guides -


What I would suggest you to do is:

- Export ASA running configuration as well as the running config of the target Palo Alto FW.

- Create new project in Expedition and import both configurations

- You will use the PAN FW config as base config, from which you can keep all the settings you want

- Expedition will do the heavy lifting of converting all the objects and all rule

Note: I would encourage you to review the converted rules and fine tune them before exporting to PAN FW.

- Using the PAN FW config used as base config, merge the objects and security and nat rules from ASA config.


The process of merging and generating the final config for import to PAN FW could be bit confusing if you haven't used Expedition, but I would recommend you to check the Live community and also Palo Alto official YouTube channel have entire playlist for what you want to achieve -

Who rated this post