
Bulk XG Configuration

I need to configure 12+ XG devices and was looking for some help.
Was there a guide, or can someone share some knowledge on configuring XG devices in bulk?
Our process for registering the device is rather slow, so I am trying to find efficiencies where possible.
Thanks!



  • We once had to stage 80 XG Appliances for customers. 

    Except for interface parameters, the configuration was more or less the same for all appliances. We evaluated different methods, including SFM templates and the REST API, but in the end decided to use a backup-restore approach.

    On a high level, here is how we did it:

    - gather all serial numbers

    - register all licenses via my.sophos.com (attach license to the serials)

    - flashed the box via USB Stick to the newest image

    - configured the box with the final configuration *without connecting the box to the internet!

    - created a "golden" backup file

    - registered the box to activate the license

    *It's important that you don't connect the box to the internet, otherwise it will download the pattern updates. The caveat is that you cannot restore a backup to a new box if the patterns mismatch.

    - then repeat it with the other boxes and use the golden backup to restore the config.

    - modify the site-specific settings after the restore (SNMP location, LAN/WAN interface, hostname, certificates...)

    We kept the firewall rules simple and only used zone references / generic IP objects so that we were able to use the same policy for all sites.

     

  • I've not done it myself, but you can create a template configuration in Central (by importing the configuration off a suitable XG) and have that synchronise to other XGs that you add to that policy group.

    It will synchronise everything except the interfaces I believe (so you don't cut yourself off).

    Regards