This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Migration form Chekpoint >R80 to Palo alto

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Migration form Chekpoint >R80 to Palo alto

KishanYadav
L0 Member

‎10-13-2023 05:14 AM

We are in the process of migration form checkpoint 156000 to palo alto 5420. The Checkpoint version we're migration form is >R80.

 

here's an overview of the migration process so far;

We successfully removed invalid and duplicate objects in Addresses, Services, Address Group, And service Groups.

We 've re-mapped the interface to align with palo alto's naming conventions. 

We 've correctly assigned zones for the interfaces. 

However, we are currently facing a few challenges.

The configuration we've received indicates two vsys (virtual system) and we're encountering issues with zones in the security rules for these vsys (specifically the management server-ACH network)

Any one can help me out for this issue.

0 Likes Likes
2 REPLIES 2

cjthorse82
L1 Bithead

‎10-13-2023 05:54 AM

1. import the palo to devices on expedition - see screenshot "import devices to devices"

2. in your palo - save a named configuration 

3. in your palo - export the named configuration

4. in expedition - your project - select import 

5. under import screen - import the XML file created from the exported named configuration the palo

6. the screen will show a loading page 

7. swing over to the export tab - and you should see - screenshot below - CP config to PA Config screen

8. simply drag and drop items that are required over to vys1 - like VRs and Interfaces, objects ect ect

9. select merge 

10. select generate xml and set input - see generate and download xml file screenshot

11. download the XML 

12. import that configuration into your palo and boom you have configs from your CP into your Palo. 

 

recommendations - security polices will be a %$&^$# MESS - unless your want to step on your foot many times because you like pain - i'd recommend starting fresh with security polices - this can help with ZTN 2.0 / APP ID and proper ZONE 

 

you can do all of that with in EXPO - but sometimes it's a pain in the butt. 

 

lemme know if you have any additional questions.

 

life is too short to be a jerk.
Preview file
15 KB
Preview file
31 KB
Preview file
36 KB
0 Likes Likes

dpuigdomenec
L4 Transporter

‎10-17-2023 12:37 PM

Hi @KishanYadav , please use the latest Expedition version (1.2.76) that is fixing the issue you are describing.

Best regards,

David

0 Likes Likes
  • 709 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks