Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5820
Views
15
Helpful
15
Replies

Migrating from Palo Alto to Firepower

Mike Wagner
Level 1
Level 1

‎02-23-2017 07:22 AM - edited ‎03-12-2019 01:58 AM

Hi All,

Over two years ago we replaced an aging ASA 5550 with a Palo Alto PA-5050.  Palo Alto had a nice conversion tool that I was able to use to migrate the config from our ASA to the PA.  Fast forward two years, and long story short, the Palo Alto gave us a lot of problems.  Our maintenance was up, and we were outgrowing the device, so we purchased a Firepower 4110 knowing that Cisco had upped their game with the NGFW.

Now I'm stuck with 700+ NAT entries and 700+ ACLs in the PA that I need to migrate to the Firepower.  I have the FTD provisioned, and my FMCv VM registered, and I'm able to start configuring rules.

Is there a way to mass import rules to the Firepower?  I can pull them easily from the CLI on the PA.  They're in XML format.  My zones are the same, obviously I would have to create ports possibly.  

Any guidance is greatly appreciated!

-Mike

1 person had this problem
Labels:
0 Helpful
15 Replies 15

Ranjeet Singh
Cisco Employee
Cisco Employee

‎04-09-2020 10:12 PM

Hi Guys,

It gives me great pleasure to announce that FMT 2.1 supports the migration of the Palo Alto firewall to FTD. Tool flawlessly migrates the following component of PA configuration

  1. Interfaces
  2. Zones
  3. Network Object and Groups
  4. Service Object and Groups
  5. applications
  6. Access Control Lists (Policies)
  7. NAT Rules
  8. Routes (Static)

FMT 2.1 also supports the migration of multi-vsys (Multi-context) configuration.

I hope this will make your upcoming migration a pleasant one.

FMT supports as follows:

ASA-->FTD

Checkpoint-->FTD

Palo Alto-->FTD

Please refer to the following link to download the tool.

https://software.cisco.com/download/home/286287252/type/286321688/release/2.1.0

User guide link

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/PAN2FTD-with-FP-Migration-Tool/m_about_the_migration_tool.html

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card