Palo Alto: How to migrate configuration to another unit

By | August 26, 2017

Situation:
1. You need to do a hardware swap (POC unit to actual unit)
2. You don’t have Panorama, and you need to do a hardware swap due to an RMA

Steps:
1. Ensure components are on the same version
2. Export and Import config
3. Commit configuration

Ensure components are on the same version
1. Make sure all components (PAN-OS, PAN-DB, Threat Prevention, WildFire, GlobalProtect) are on the same version on both units, and that the licenses match too.
   1. To update the PAN-OS software, navigate to Device→Software
   2. To update the components, navigate to Device→Dynamic Updates
   3. To update PAN-DB, navigate to Device→Licenses→PAN-DB URL Filtering
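
The version check above can be scripted by capturing the CLI output of `show system info` on each unit and comparing the relevant fields. This is an added example, not part of the original post; both captures are constructed sample text, the field list is an assumption about which keys matter for this migration, and licenses still have to be compared separately.

```python
# Added example: compare component versions from two "show system info" captures.
# OLD_UNIT and NEW_UNIT are constructed sample text, not output from real firewalls.
OLD_UNIT = """\
hostname: fw-old
sw-version: 8.0.4
global-protect-client-package-version: 4.0.2
app-version: 729-4160
av-version: 2345-2834
threat-version: 729-4160
wildfire-version: 170824-1
url-filtering-version: 20170825.20005
"""
NEW_UNIT = """\
hostname: fw-new
sw-version: 8.0.2
global-protect-client-package-version: 4.0.2
app-version: 729-4160
av-version: 2345-2834
threat-version: 729-4160
wildfire-version: 0
url-filtering-version: 20170825.20005
"""
# Keys to compare (assumed list; extend it for the subscriptions you run).
FIELDS = {
    "sw-version": "PAN-OS",
    "app-version": "Applications",
    "threat-version": "Threat Prevention",
    "av-version": "Antivirus",
    "wildfire-version": "WildFire",
    "url-filtering-version": "PAN-DB URL Filtering",
    "global-protect-client-package-version": "GlobalProtect",
}

def parse_system_info(text):
    """Turn 'key: value' lines into a dict, splitting on the first colon only."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def version_mismatches(old_text, new_text, fields=FIELDS):
    """Return (label, old, new) for every field that differs or is missing."""
    old, new = parse_system_info(old_text), parse_system_info(new_text)
    diffs = []
    for key, label in fields.items():
        a, b = old.get(key), new.get(key)
        if a is None or b is None or a != b:
            diffs.append((label, a or "<missing>", b or "<missing>"))
    return diffs

if __name__ == "__main__":
    for label, a, b in version_mismatches(OLD_UNIT, NEW_UNIT):
        print(f"MISMATCH {label}: old={a} new={b}")
```

An empty result means the listed components match and the config export can proceed.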

Export and Import config
1. From the old unit, navigate to Device→Setup→Operations

2. Click “Save named configuration snapshot” and give it a name. Example: ABC123.xml

3. Click “Export named configuration snapshot” and select ABC123.xml.

4. From the new unit, navigate to Device→Setup→Operations
5. Click “Import named configuration snapshot” and select ABC123.xml (config file from old unit)
6. Once imported, click “Load named configuration snapshot” and select ABC123.xml

Commit configuration
1. When you click Commit, the firewall starts applying the configuration, so there is a possibility that IP addresses will be duplicated on the network.
2. Normally I only connect the Management port on the new unit, and leave the other interfaces unplugged.
3. Click Commit, and immediately unplug the Management interface on the old unit. You will no longer have access to the old unit. The new unit will take over the Management IP.
