When upgrading or transitioning from a Palo Alto Networks PA-820 to a PA-1410, it's important to ensure that your configuration settings are seamlessly transferred. The PA-1410 offers higher performance and more features than the PA-820, but transferring configurations can sometimes be tricky. This blog post will guide you through the necessary steps to copy configurations from a PA-820 to a PA-1410, ensuring your firewall setup is transferred effectively.
Pre-Requisites
Before starting the configuration transfer process, make sure you have the following:
- Access to Both Devices: You should have administrative access to both the PA-820 and PA-1410 firewalls.
- Backup Configurations: Always back up both the PA-820 and PA-1410 configurations before making changes. This ensures you have a recovery option if something goes wrong.
- License and Register the New Firewall: Register the new firewall and add its licenses on the Palo Alto Networks support portal. You can also transfer licenses to the new firewall. Since the PA-820's End of Sale (EOS) date is 8/31/2024, you probably have new licenses with the PA-1410.
- Palo Alto Networks Panorama (Optional): If you're using Panorama for centralized management, the configuration transfer can be managed from a single location.
Step 1: Backup the PA-820 Configuration
The first step is to back up the configuration on your PA-820 firewall. Follow these steps:
- Log in to the PA-820 using the web interface (GUI) or CLI.
- To access the web interface, go to the IP address of the PA-820 in a browser and log in with your credentials.
- Navigate to the Backup Section:
- In the GUI, go to Device > Setup > Operations.
- On the Operations tab, under Configuration Management, click Save named configuration snapshot.
- Choose a name for it and make sure you save it as an XML file.
- Click OK.
- Export the Configuration:
- In the GUI, go to Device > Setup > Operations.
- On the Operations tab, under Configuration Management, click Export named configuration snapshot.
- Choose the name that you saved in the last step.
- Click OK.
Step 2: Prepare the PA-1410
Now, you need to prepare the PA-1410 to receive the configuration from the PA-820. Here’s how:
- Zero Touch Provisioning (ZTP) on the new firewall:
- ZTP is enabled by default on new firewalls. You'll need to disable it to configure the firewall. The command below disables it.
- admin@PA-1410> set system ztp disable
- Configure Management port and user account:
- Console into the firewall and sign in with admin/admin.
- It will ask you to input the old password and a new password.
- Configure the management interface
- Enter the following commands.
- admin@PA-1410> configure
- admin@PA-1410# set deviceconfig system ip-address <ip address> netmask <netmask> default-gateway <default gateway> dns-setting servers primary <DNS ip address>
- admin@PA-1410# commit
- admin@PA-1410# exit
- Verify configuration and connectivity
- Verify the management interface
- admin@PA-1410> show interface management
- Ping your gateway
- admin@PA-1410> ping host x.x.x.x
- Log in to the PA-1410 via the web interface.
- Ensure Compatibility:
- While the PA-820 and PA-1410 both run PAN-OS, certain features and configurations may not directly transfer due to hardware differences.
- Verify that the firewall is registered and licensed.
- Review the release notes for PAN-OS on the PA-1410 to identify any new features or compatibility issues.
Step 3: Upload Configuration to PA-1410
Once the PA-1410 is ready, it's time to upload the PA-820 configuration.
Using Web Interface:
- Log into the PA-1410.
- Navigate to the Configuration Upload Section:
- Go to Device > Setup > Operations.
- Under Configuration Management, click on Import named configuration snapshot.
- Select the configuration file you backed up from the PA-820.
- Click OK to import the configuration.
- Under Configuration Management, click on Load named configuration snapshot.
- Select the configuration file you backed up from the PA-820.
- Click OK to load the configuration.
Step 4: Verify Configuration Compatibility
After importing the configuration, verify that the settings are applied correctly:
- Check for Errors:
- Commit the configuration to apply it to the PA-1410.
- Any errors or warnings will be displayed, which may indicate configuration issues or incompatibility.
- Manual Adjustments:
- Depending on the differences between the PA-820 and PA-1410, you may need to make manual adjustments. Pay close attention to the following areas:
- Login credentials: User accounts will be imported as well. Make sure you have a local account on the PA-1410.
- Hardware-specific settings: Features like the number of interfaces, interface types, and network connections may differ. The interfaces are different between PA-820 and PA-1410 models.
- Security policies: Ensure that the security zones, policies, and NAT settings are correctly mapped to the new hardware.
- Licensing: Verify that the PA-1410 has the correct licenses installed for the features you intend to use.
- GlobalProtect Portal: Verify that certificates are imported.
- IPsec VPN: Verify that all the tunnels are up.
- Test Connectivity:
- Ensure that the PA-1410 is functioning as expected. Test the connectivity of the firewall to ensure proper traffic flow.
- You can perform basic tests by pinging internal and external networks or using the Packet Capture feature to analyze traffic flow.
- Connect through GlobalProtect and verify connectivity.
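The login-credential and interface checks from the Manual Adjustments list can be run against the exported XML before it is loaded. This is an added example, not part of the original post; it assumes the standard PAN-OS snapshot layout, and `TARGET_PORTS` is a placeholder to replace with the port names actually present on your PA-1410.

```python
import xml.etree.ElementTree as ET

# Placeholder: replace with the port names present on your PA-1410.
TARGET_PORTS = {f"ethernet1/{n}" for n in range(1, 9)}

# Constructed sample, trimmed to the parts of a snapshot audited here.
SAMPLE_CONFIG = """<config>
  <mgt-config><users>
    <entry name="admin"/>
    <entry name="netops"/>
  </users></mgt-config>
  <devices><entry name="localhost.localdomain">
    <network><interface><ethernet>
      <entry name="ethernet1/1"/>
      <entry name="ethernet1/9"/>
    </ethernet></interface></network>
    <vsys><entry name="vsys1"><zone>
      <entry name="untrust"><network><layer3>
        <member>ethernet1/1</member></layer3></network></entry>
      <entry name="dmz"><network><layer3>
        <member>ethernet1/9.20</member></layer3></network></entry>
    </zone></entry></vsys>
  </entry></devices>
</config>"""

def base_port(name):
    # "ethernet1/9.20" is a subinterface of physical port "ethernet1/9".
    return name.split(".", 1)[0]

def audit_snapshot(xml_text, target_ports):
    """Report imported admin accounts and references to ports the target lacks."""
    root = ET.fromstring(xml_text)
    dev = "./devices/entry"
    admins = sorted(e.get("name") for e in root.findall("./mgt-config/users/entry"))
    ports = {e.get("name") for e in root.findall(dev + "/network/interface/ethernet/entry")}
    affected = {}
    for zone in root.findall(dev + "/vsys/entry/zone/entry"):
        members = [(m.text or "").strip() for m in zone.findall("./network/*/member")]
        bad = sorted(m for m in members
                     if m.startswith("ethernet") and base_port(m) not in target_ports)
        if bad:
            affected[zone.get("name")] = bad
    return {"admins": admins,
            "missing_ports": sorted(ports - set(target_ports)),
            "affected_zones": affected}

if __name__ == "__main__":
    for key, value in audit_snapshot(SAMPLE_CONFIG, TARGET_PORTS).items():
        print(f"{key}: {value}")
```

Every name under `admins` becomes a login on the PA-1410 once the snapshot is committed, and every zone under `affected_zones` needs its interface remapped before the commit will behave as it did on the PA-820.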
Step 5: Commit and Final Checks
After addressing any errors and verifying the configuration, commit the changes to finalize the process.
- Commit the Configuration:
- In the GUI, go to Commit and click on Commit to apply the configuration changes.
- Monitor the Firewall:
- Monitor the PA-1410 for any unusual behavior or issues post-commit.
- Ensure that traffic flows correctly and that security policies are applied as expected.
- Backup the PA-1410 Configuration:
- Once you’ve confirmed that everything is working smoothly, create a backup of the PA-1410 configuration for future recovery.
Step 6: Clean Up
- Remove Temporary Files:
- To keep your system secure, delete any uploaded configuration files that are no longer needed.
- Review Logs:
- Keep an eye on the firewall logs to ensure no errors or misconfigurations occurred during the transfer.
Conclusion
Migrating configurations from a PA-820 to a PA-1410 is a straightforward process, but it requires careful attention to ensure compatibility and proper functionality. By following the steps outlined in this guide, you can smoothly transition to your new PA-1410 firewall while retaining your important configuration settings. Always remember to back up configurations before making changes, and perform thorough testing after transferring the settings. Happy networking!