Hello how are everyone ? I hope it's ok.
As always, thank you for your time, tips, collaboration and good vibes.
Has anyone made a migration from a Meraki-MX65 to PA?
I have made some several other migrations from other vendors, but Meraki has not affected me, in Expedition there is no declared support for Meraki.
Any recommendations, tips, experiences, etc. with this type of migration?
Thank you all
Greetings
Yes , i have.
Its a chalk and cheese when you compare the both and am sure you already know that.
The applications are limited when Merak says its a Layer 7 compared to a Palo.
There is no migration toll...as yet and everyhitng has be configured from scratch.
The polcies are basically a layer3 you would have to configure because in a meraki MX world the default ult is allow any any rule for outbound rules.
You will have to lock down as source ip , protocol , source port , destion , port. Unfortunatley this is a lot of admin and layer 3 rules to be configured and you will loose full security functions as a Palo Alto security policies you create.
When it comes to the Layer 7 firewall rules is pretty much a drop and deny what you deem is not need and portential risk.
The NAT and Port forwarding rules are pretty much easy if required using both WAN1 or WAN 2 internet connectivity and the most of security part is locking down what the users can access by Content Filtering and Threat filtering and follow meraki best pratcise " by not much compared to a Palo "
There are a lot of limitations on a Meraki MX and that is something we stressed about when a migration had to take place. MX is also very limited when is comes to Dynamic routing with BGP and OSPF we had to use a Layer 3 switch in between to establish with an ISP.
The group Policies on a MX is not a group Polici you would find on a windows server , this basical using active directory authentication users what the can access or not in the that profile (This bypasses the MX layer 3 firewall rules and only falls back when or lost connectivity to the AD sever / Meraki Dashboard.)
When a MX losses connectivity to Meraki Dashboard or there is not internet connection you pretty much dead in the water "Although Meraki sates its worls with the local config stored on the MX "
Hope this help , or if have any specific info on a MX i possible can assist.
Regards
Zeo Trust
Unfortunately I have not. I wasnt even aware Meraki had anything remotely firewall like 😅