
Moving from one to another Sophos XG device

Hi Everyone,

I'm trying to see if anyone here has experience or best practices to follow when moving from one Sophos XG to another device. To give you guys a bit of background, we have been using an XG310 device which was provided by our service provider. Recently we have moved to a new WAN provider and have purchased a new XG310 to set up. Currently we have about 15 RED devices and quite a few business/firewall rules on the existing firewall.

My question is, can I take a backup and restore the config to the new device? I understand that WAN IP details would require updating as we are using new links. However, I'm not quite sure if this is the best way. I would really appreciate your help.

Thank you.



  • Hi Ian,

    Thank you for your reply. What about the REDs? In order to migrate them, I will possibly need to update the 2nd WAN port to have the new public IP, then move them across? When restoring backups, will the RED configuration be carried across to the new device, including the unlock code etc.?

    Also, with the restore process, do both XG310s need to have the same firmware? The reason being, I'm yet to migrate the current XG to the latest firmware, and the new XG has the latest.

    Regards,
    Posh

  • Hi Posh,

    Based on the fact that the backup is for use on a rebuild of a dead machine, I would assume that after registration and synchronisation the backup restoration would have all the required details.

    Firmware should be the same. I have had problems in restoring an older backup on a new release. Had to find an old copy of the software, build, restore, then upgrade.

    Ian

  • Hi Ian,

    Thank you again for your valuable input. In my case, given the public firewall IP change, I would need to update the 2nd WAN interface on the WAN to the new firewall IP, then do the restore, so that when the new firewall comes online the REDs can talk to it? Also, with regards to the restore, I assume it only restores the configs, not the license, as I'm using a new license on the new device.

    Regards,
    Posh

  • Hi Posh,

    There are two things not stored in the backup: one is the licence, and I can't remember the other, but it is also to do with the physical component.

    So, your current WAN interface will be disabled after you do a restore, so be careful with your gateways.

    Ian

  • Hi Ian,

    I have been trying to do the restore but nothing seems to have worked so far. I thought initially this was due to the different firmware that is running on the devices. I upgraded to match the firmware; however, the restore process still fails. Then I was told that the new XG is rev2 whereas my current one is rev1, and restore is not possible. Is this true?

    Thank you.

  • Hi Posh,

    For that sort of information you would need to check with your reseller, or maybe one of the forum mods might help?

    Ian

  • Hi Posh,

    Open a ticket with support. The only restriction during upgrade is that the number of NICs must be equal or greater. For the RED, uhm... they are associated with the UTM/XG Customer ID, so they should work without any passcode reset.

    Let us know.

    Regards

  • Hi Lferrara,

    Yes, I have opened a support ticket and am awaiting confirmation. Looks like I have another issue with the REDs then, reading your comments. Currently, our firewall is registered with our managed provider's account. However, moving forward, the new firewall is registered under one of our accounts. So is this going to impact RED device migration?

    Regards.

  • Pay attention with RED. Contact Support and let them know about this situation too. You need to enter the unlock code for every RED:

    https://community.sophos.com/kb/en-us/116573

    "Unlock Code

    Enter the unlock code. (Ignore this field if this RED is being deployed for the first time.)
    The unlock code is an 8-character string that is generated when a RED is added to a Sophos XG Firewall. If this RED has been deployed before, you must enter the unlock code here. The unlock code is generated during the deployment of a RED, and is emailed instantly to the address you provided when activating RED. This is a security feature, which ensures that a RED cannot simply be removed and installed elsewhere.
    For manual deployment through USB stick and for automatic deployment through Provisioning Service (see Device Deployment below), two separate unlock codes are generated. If you switch a RED from one deployment method to the other, make sure that you use the corresponding unlock code: For manual deployment, provide the unlock code of the previous manual deployment; for automatic deployment, provide the unlock code of the previous automatic deployment."
    This is from the online XG help URL.
  • Thank you for the reply, lferrara. My issue got a bit complicated. It seems that the current firewall hardware is actually an SG device but converted to XG through licensing. The new firewall is XG rev2. So according to support, backup/restore will never work given they are 2 different architectures. However, I'm still working with support to see if there is a way to at least get some of the configs restored; otherwise, I'm looking at a manual setup.