Drewdown, not sure if you fixed this already... 2 errors when trying to do this, both of which appear to be originating from the PAN > FW. The first one is a log setting on the 'outbound-block-all' rule on the PAN. That specific log settings doesn't exist on the FW. I think you may have to turn off log forwarding on the panorama Before importing the security policies, you need to disable logging to Panorama. On the firewall, either modify your log forwarding profile to remove Panorama, or edit each security policy and set the log forwarding profile to none: Again same rule that is already on the PAN in 'Post Rules,' its shared between all of our existing DGs on the PAN. The only difference between the zones on the FW and the PAN is the first letter is capitalized which I assume is why it chokes? The name zone name makes a difference and should be the same.
... View more