Legacy firewall rules are created around the Network (IPs) and Transport (Ports) layers of the Open Systems Interconnection (OSI) model. During a phased migration, legacy firewall rules are often converted to Palo Alto with like functionality to reduce downtime and ensure successful migration. Though one of the key strengths of Palo Alto firewalls is the ability to apply security rules at the Application layer (layer 7) via App-ID. Applications and application functions are identified by Palo Alto firewalls via multiple techniques, including application signatures (App-ID), decryption (if needed), protocol decoding, and heuristics.
You have successfully migrated to a Palo Alto firewall as part of your phased deployment with a IP/port/protocol based ruleset. As part of the second phase of the migration you will leverage the PAN Migration Tool to streamline rule cleanup and conversion to application rules.Download PDF