Disclaimer: Sophos also has a Migration Desk, available free of charge to all Partners (and subsequently customers), that will help plan, execute, and verify migrations of your existing firewall or Sophos UTM to Sophos Firewall, as well as XG to XGS hardware migrations.
- For Sophos Partners: The Sophos Migration Desk can be engaged from the Sophos Partner Portal
- For Sophos Customers: Please review the Online Help: https://docs.sophos.com/support/migration/en-us/firewall/index.html
We want to provide some easy ways to migrate parts of a Sophos UTM configuration to Sophos Firewall using the UTM API and the Import/Export feature in SFOS. In this Recommended Read, we provide example PowerShell scripts to migrate some features and options to SFOS as you need them.
The scripts follow a simple approach: they download the configuration as JSON via the UTM API and convert this content to an XML file. The XML file can then be imported into SFOS.
For more information about the approach, see: Creating XML Objects with notepad++ for mass import
Sophos UTM offers a full API for the entire configuration and a "Swagger" tool. See: https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.pdf
You can access the API of Sophos UTM by using https://IP:4444/api

The Swagger UI offers you the Schema used by UTM for each and every feature.
For example: Network Host Objects:

It shows you the curl request and the token you need to GET the data. You will also see the format of the returned data.
We can now take the data we get via the API and convert it to XML. We simply need to map the matching fields of UTM to SFOS.
In the #1 example below, we map the UTM "name" to the SFOS name and the UTM IP address to the SFOS IP address. We then add the rest of the XML code, which is static.
The approach of this migration is always the same: fetch the data, convert it to XML, and save it.
Please replace the IP and the Authorization Token in the script and run it via PowerShell.
#1 Convert Host Objects to XML.
#2 Convert Network Objects to XML
#3 Convert REDs from UTM to SFOS:
Use this code with caution! A RED can only be deployed with one firewall (UTM or SFOS). If you register the RED from UTM to SFOS, the RED will start to reboot.
This code is very static and will not migrate complex RED deployments like UMTS, Transparent / Split or other scenarios. It will not migrate DHCP Servers, but will keep the IP Addresses of the REDs.
Important Note: The code will generate XML files for SFOS v19.5. If you want to use the XML in an older version of SFOS, adjust the following line:
<Configuration APIVersion="1905.1" IPS_CAT_VER="1">
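The host-object mapping described above (UTM "name" and IP address to the SFOS name and IP address), as an added example that is not one of the original scripts. It runs on a constructed JSON sample instead of a live API response; the function name, the JSON field name "address" and the SFOS element names (IPHost, Name, IPFamily, HostType, IPAddress) are assumptions to check against the Swagger schema and an export from your own firewall.

```powershell
# Constructed sample standing in for the UTM API response (values are made up;
# the field names "name" and "address" are assumptions, check the Swagger schema).
$json = @'
[
  {"name": "Mail Server",       "address": "192.0.2.10"},
  {"name": "R&D <lab> gateway", "address": "198.51.100.7"},
  {"name": "Broken entry",      "address": "not-an-ip"}
]
'@

function Convert-UtmHostsToSfosXml {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Json,
        [string] $ApiVersion = '1905.1'   # value from the page (SFOS v19.5)
    )
    $settings = [System.Xml.XmlWriterSettings]::new()
    $settings.Indent = $true
    $settings.OmitXmlDeclaration = $true   # declaration is prepended below as UTF-8
    $sb = [System.Text.StringBuilder]::new()
    $writer = [System.Xml.XmlWriter]::Create($sb, $settings)
    $writer.WriteStartElement('Configuration')
    $writer.WriteAttributeString('APIVersion', $ApiVersion)
    $writer.WriteAttributeString('IPS_CAT_VER', '1')
    foreach ($h in ($Json | ConvertFrom-Json)) {
        $ip = $null
        # Skip values that do not parse as an IPv4 address rather than importing them.
        if (-not [System.Net.IPAddress]::TryParse($h.address, [ref] $ip) -or
            $ip.AddressFamily -ne 'InterNetwork') {
            Write-Warning "Skipping '$($h.name)': invalid IPv4 address '$($h.address)'"
            continue
        }
        $writer.WriteStartElement('IPHost')
        # WriteElementString escapes &, < and > that may appear in object names.
        $writer.WriteElementString('Name', $h.name)
        $writer.WriteElementString('IPFamily', 'IPv4')
        $writer.WriteElementString('HostType', 'IP')
        $writer.WriteElementString('IPAddress', $ip.ToString())   # normalized form
        $writer.WriteEndElement()
    }
    $writer.WriteEndElement()
    $writer.Flush(); $writer.Close()
    return '<?xml version="1.0" encoding="UTF-8"?>' + "`n" + $sb.ToString()
}

Convert-UtmHostsToSfosXml -Json $json | Set-Content -Path .\Hosts.xml -Encoding UTF8
```

Building the XML with a writer instead of string concatenation keeps an object name such as `R&D <lab> gateway` from producing a malformed import file. When the JSON comes from the live API, read the Authorization Token at run time rather than saving it inside the script file.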
Feel free to contribute more code for migration scenarios. We will provide more code in the future.