To see this working, head to your live site.

Migrate Esxi Panorama (Legacy Mode) to Aws Panorama (Panorama Mode)

in General discussion

Hi Team

Below is my scenario-

Current Production Panorama

Hosted on ESXi

Mode- Legacy

PAN OS- 8.1.17

Target Panorama

Hosted on AWS

Mode - Panorama (Already license with different SN and have some location NGFW integrated with it)

PAN OS - 10.0.6

My goal is to migrate from ESXi hosted Legacy Panorama to AWS hosted Panorama(Panorama mode).

Following is the queries I have-

1.Shall I first change the mode of ESxi Legacy Panorama to Panorama mode, and then upgrade the ESXi Panorama to match that of AWS Panorama and then export (or Merge the configuration using expedition, I have never tried) the configuration and import it into AWS hosted Panorama.

2.Shall I directly import the ESXi Legacy mode Panorama (currently 8.1.17) configuration after merging to AWS hosted Panorama.

3.Shall I upgrade existing ESXI Legacy Panorama to PAN OS 9.0 (as UUID is introdued in 9.0 and we have to push a commit to all managed NGFW, then only we can upgrade them) and then import the existing ESXi Legacy Panorama into NEW Panorama mode AWS hosted (10.0.6).

I have been through various article of PA for migration and mode change of panorama but am getting little confused.

If you guys have any other alternative way to process, it will be very helpful.

Thanks a lot in advance.

2 comments

2 Comments

Shubham Gupta

Jul 29, 2021

Hi Reaper

Thanks a lot for the update.

But my current Panorama is in legacy mode, and I believe Legacy mode is supported maximum upto 9.0.

So I shall first change its mode to Panorama then proceed for upgrade?

Also as per below solution as you recommended, Can I directly import the config of legacy panorama to AWS hosted panorama (Panorama mode)-

live.paloaltonetworks.com

Panorama Migration VM - to - VM

Hello, we have an interesting setup, we currently have Panorama in legacy mode at version 9.0.4 (didn't even know it was possible to be in legacy mode on that release) managing a couple of HA pairs of firewalls. We would like to move our config to a Panorama VM in Panorama mode at version 9.1.2 an...

Thanks once again.

Reaper

Jul 29, 2021

I'd recommend first bringing the ESXi up to the same level and config as the AWS version, to decrease chances of incompatibility Once you transition to panorama mode, you can already put on the 'new' log collectors and be sure the firewalls are able to send logs before completing the migration Once the panorama is fully upgraded and all configuration evaluated/brought up to par, importing the config onto the AWS should be straight forward wnd without much risk