I am currently migrating my ASA 5585 to a Palo 5260 using Expedition tool. Everything on the dashboard has been rectified, except for few services that shows "invalid" and used .
I've noticed that Expedition has replaced "icmp" service in ASA to "discard"
Does anyone know why is that ?
Also, there're some invalid services such as (icmp-echo. icmp-echo-reply) but when I try to search/locate them, I don't see them under security policy but they're used in Object groups as shown below So, basically I need to convert them to Ping application as if they were used in security policy ?
Finally, I've got "esp" as invalid service but again it's located in an object group. So, how to correct it? replace it with an application (ipsec-esp) or service ?
... View more