5/18/2015
Can this Migration Tool make our product stickier with our customers?
One of the most interesting features is the ability to reduce the time that the
customer needs to move security policies from Layer 4 (services) to Layer 7
(App-id). Doing this makes replacing our systems harder, since all the rules
are configured with our App-id.
This process will help to sell more in the account once they have embraced App-id,
User-id and Content-id.
Most important
Cisco ASA NATs
Netscreen NATs, Multi-Vsys
Fortinet NATs, Multi-Doms
Automatic fix between NATs and Security Rules (IP Address and Zones)
Support for Networking (Virtual-Routers, Interfaces, Static Routing) all vendors
New AutoZone Assign. More options to cover “any”
App-id Adoption
Panorama Templates
Response Pages Customization
Backups and Restore points. Auto Save.
XML-API Output Manager. Atomic / Subatomic
Device Usage Statistics
Devices
Import Devices or Panorama using the XML-API
Projects
Each project is stored in its own database.
Snippets
Small pieces of PAN-OS XML code to be reused in projects.
Supported Snippets
Custom App-id
Security Profiles
Log Forwarding Profiles
Custom Reports
Updates
Via HTTPS
Connectivity health checks
Update Server Information
conversionupdates.paloaltonetworks.com
If a Palo Alto Networks firewall is deployed, you need to allow paloalto-updates
Proxy Settings
Override or replace
If the Zone = “any” replace by
If the Zone = “zone1” replace by “zone2”
Device Usage
• Compare your objects database against the maximum capacity for your platform and know in advance when you will reach the limits.
Output Generation
We have 3 different ways to generate the Output. All the Output will come
from the Base Configuration. All changes made to this Base configuration will
be reflected in the Output.
XML file
XML-API Calls
SET Commands File
Order is important
Overview
A high number of our customers are still working with services at L4 instead of using our
powerful App-id signatures. Usually this is because the process of migrating from L4 to L7 is
painful and not all our partners have the knowledge to do it.
For this reason, the new Migration Tool 3.0 will help them run through all the steps
needed to do it, minimizing the collateral issues that this process can create.
The MT3 will help retrieve from the logs which App-ids we have seen per rule and will help us
identify unknown traffic. In some situations we will transform this unknown traffic into
custom signatures via application override, or help with the process of creating a new
custom application signature, reducing the time and knowledge needed to do it.
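The per-rule log review described above can be sketched as follows. This is an added example, not code from the Migration Tool; the CSV columns and rule names are constructed for illustration, and `unknown-tcp` / `unknown-udp` are the App-id names PAN-OS assigns to unidentified traffic.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records (simplified columns, not the PAN-OS log export format).
SAMPLE_LOG = """rule,app,proto,dport
allow-web,web-browsing,tcp,80
allow-web,ssl,tcp,443
allow-web,ssl,tcp,443
allow-dns,dns,udp,53
allow-erp,unknown-tcp,tcp,8443
allow-erp,unknown-tcp,tcp,8443
allow-erp,ssl,tcp,443
"""

UNKNOWN_APPS = {"unknown-tcp", "unknown-udp"}


def summarize(log_text):
    """Return {rule: {"apps": {app: hits}, "unknown": {(proto, port): hits}}}."""
    summary = defaultdict(lambda: {"apps": defaultdict(int), "unknown": defaultdict(int)})
    for row in csv.DictReader(io.StringIO(log_text)):
        entry = summary[row["rule"]]
        if row["app"] in UNKNOWN_APPS:
            # Unidentified traffic is tracked by protocol and port for later review.
            entry["unknown"][(row["proto"], int(row["dport"]))] += 1
        else:
            entry["apps"][row["app"]] += 1
    return summary


def migration_plan(log_text):
    """Per rule: App-ids that can replace the service match, plus ports needing review."""
    plan = {}
    for rule, entry in summarize(log_text).items():
        plan[rule] = {
            "app_ids": sorted(entry["apps"]),
            "review": sorted(entry["unknown"]),
            "ready": not entry["unknown"],
        }
    return plan


if __name__ == "__main__":
    for rule, item in migration_plan(SAMPLE_LOG).items():
        status = "ready for App-id" if item["ready"] else "has unknown traffic"
        print(f"{rule}: {item['app_ids']} ({status})")
        for proto, port in item["review"]:
            print(f"  candidate for override or custom app: {proto}/{port}")
```

Rules marked as having unknown traffic should keep their Layer 4 service match until the listed ports are covered by an application override or a custom application.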
Contact Us
Send an email to fwmigrate@paloaltonetworks.com
Intranet Place
https://intranet.paloaltonetworks.com/community/business_development/projects/smart-workbench-migration-tool-30