Use Case - Migrate Your Next-Generation Firewalls to Panorama
Best practice for migrating your Next-Generation firewalls
to your Panorama™ management server.
The second use case for getting started with
the Panorama™ management server is to Transition existing firewalls
to Panorama. If possible, work with your Palo Alto Networks
Sales Engineer or Professional Services Engineer during the migration
to ensure your firewall configurations are correctly migrated to
Planning is key—before you start the migration,
make sure you have understood the following:
Review the Palo Alto Networks Compatibility
Matrix to understand compatibility between Panorama and firewalls,
across Log Collectors, and content versions to ensure no compatibility
errors are encountered during migration.
Plan your device group and template hierarchy in
such a way that reduces redundancy and streamlines the management
of settings that are shared among all firewalls within a set of
Prepare a post-migration test plan to verify that to verify
critical traffic and application traffic after you successfully
migrate your firewall to Panorama.
import devices’ shared objects
into Panorama’s shared context
to avoid duplicating
identical configuration objects.
After a successful migration, review the
identify any duplicate rules. Delete one of each duplicate rule
to Panorama to avoid commit
Export or push device config bundle
your managed firewalls, enable
Merge with Candidate Config
Device and Network Templates
to force a commit for any pending local changes
on the firewall, include all device groups and templates in the push,
and delete any local configurations not present in a device group
or template on Panorama. This ensures a baseline configuration managed
by Panorama is pushed to all firewalls migrated to Panorama.
Perform your post-migration tests to verify that the
migration is successful and that everything is working as intended.
Over time, optimize the configuration as needed. Use migration tools
like Expedition the to periodically
asses your configuration hygiene by removing any unused or duplicate
objects and the Policy Optimizer to optimize
your Security policy rulebase.