Use Case - Migrate Your Next-Generation Firewalls to Panorama
Expand all | Collapse all
Use Case - Migrate Your Next-Generation Firewalls to Panorama
Best practice for migrating your Next-Generation firewalls
to your Panorama™ management server.
The second use case for getting started with
the Panorama™ management server is to
Transition existing firewalls
to Panorama. If possible, work with your Palo Alto Networks
Sales Engineer or Professional Services Engineer during the migration
to ensure your firewall configurations are correctly migrated to
Panorama.
Planning is key—before you start the migration,
make sure you have understood the following:
Review the
Palo Alto Networks Compatibility
Matrix to understand compatibility between Panorama and firewalls,
across Log Collectors, and content versions to ensure no compatibility
errors are encountered during migration.
Plan your
device group and
template hierarchy in
such a way that reduces redundancy and streamlines the management
of settings that are shared among all firewalls within a set of
firewalls.
Prepare a post-migration test plan to verify that to verify
critical traffic and application traffic after you successfully
migrate your firewall to Panorama.
After a successful migration, review the
Policies
to
identify any duplicate rules. Delete one of each duplicate rule
before you
Commit
to Panorama to avoid commit
errors.
When you
Export or push device config bundle
to
your managed firewalls, enable
Merge with Candidate Config
,
Include
Device and Network Templates
, and
Force Template
Values
to force a commit for any pending local changes
on the firewall, include all device groups and templates in the push,
and delete any local configurations not present in a device group
or template on Panorama. This ensures a baseline configuration managed
by Panorama is pushed to all firewalls migrated to Panorama.
Perform your post-migration tests to verify that the
migration is successful and that everything is working as intended.
Over time, optimize the configuration as needed. Use migration tools
like
Expedition the to periodically
asses your configuration hygiene by removing any unused or duplicate
objects and the
Policy Optimizer to optimize
your Security policy rulebase.