Moving from one to another Sophos XG device

Hi Everyone,

I'm trying to see if anyone here has experience or best practices to follow when moving from one Sophos XG to another device. To give you guys a bit of background, we have been using an XG310 device which was provided by our service provider. Recently we have moved to a new WAN provider and have purchased a new XG310 to set up. Currently we have about 15 RED devices and quite a few business/firewall rules on the existing firewall.

My question is, can I take a backup and restore the config to the new device? I understand that WAN IP details would require updating as we are using new links. However, I'm not quite sure if this is the best way. I would really appreciate your help.

Thank you.



  •  Thank you for the reply lferrara. My issue got a bit complicated. It seems that the current firewall hardware is actually an SG device but converted to XG through licensing. The new firewall is XG rev2. So according to support, backup/restore will never work given they are 2 different architectures. However I'm still working with support to see if there is a way at least to get some of the configs restored, otherwise, I'm looking at a manual setup.

  • Posh,

    What about the import/export feature from the Backup & Firmware menu?

  • Hey Luk,

    Sorry for the late reply. I already tried that, but according to Sophos support, nothing will work given they are 2 different hardware devices. Even though it was running as XG after the license, the hardware is still SG. I'm waiting to hear back from support re-importing config. 

    Regards,
    Posh

  • This is something that Sophos should address.

    Did you think about issues like this? Customers moving to XG HW v2 are not able to import/export config or restore a previous backup.

    A comment would help.

    Thanks

  • Hi lferrara,

    I received a response from support. According to their findings, there is no way to restore the backup configuration from an SG to an XG hardware even if it's running SFOS due to some hard-coded restrictions. So pretty much nothing can be done. Arghh, I will have to set up everything manually :(

    Cheers.

  • There is another solution which will get over most of your config without doing everything by hand.  Export the config in XML and then import it.
     
    Go to Backup and Firmware, then the Import Export tab.
    Export full configuration.
     
    This will result in an archive, in which is a large XML file.  Which might be interesting to look at anyway.
     
    Go to the new box and import.  This will take many minutes and you won't see anything in the UI.  Instead, check the logs.  There is a chance that this fails.  There are known issues with export/import.  I know that all have been solved but I don't recall if one of the longstanding ones (CertificateAuthority) is resolved in 17.0 MR5 or 17.1.
     
    So if the import fails you now have a choice - edit the xml inside the archive to remove all the <CertificateAuthority> sections (making sure that you don't change the format of the archive), or do a selective export where you do a one by one selection of everything but the Certificate Authority.  Now import your new file.
     
     
    I don't know how well this Export/Import handles configuration related to hardware, etc.  I'm not positive but I think this may copy over any statically configured IP addresses, so you may need to shut down machine1 (to remove duplicate IPs on your network) to access machine2 and move it to different IPs.

    BTW, both backup/restore and import/export do not copy over reports and logs.
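
The archive edit described in the reply above (removing every `<CertificateAuthority>` section while leaving the rest of the archive alone), as an added example that is not part of the original post and not Sophos code. It assumes the export is an uncompressed tar holding an `.xml` file; the sample archive, the member name `Entities.xml` and every element name other than `CertificateAuthority` are constructed.

```python
import io
import tarfile
import xml.etree.ElementTree as ET

def strip_elements(xml_bytes, tag="CertificateAuthority"):
    """Return (new_xml_bytes, removed_count) with every <tag> element removed."""
    root = ET.fromstring(xml_bytes)
    removed = 0
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == tag:
                parent.remove(child)
                removed += 1
    return ET.tostring(root, encoding="utf-8", xml_declaration=True), removed

def rewrite_archive(src_tar_bytes, tag="CertificateAuthority"):
    """Copy a tar member by member (same names, order, modes); filter only .xml members."""
    out = io.BytesIO()
    total = 0
    with tarfile.open(fileobj=io.BytesIO(src_tar_bytes), mode="r:") as src, \
         tarfile.open(fileobj=out, mode="w") as dst:
        for member in src.getmembers():
            data = src.extractfile(member).read() if member.isfile() else None
            if data is not None and member.name.lower().endswith(".xml"):
                data, n = strip_elements(data, tag)
                member.size = len(data)  # header must match the edited payload
                total += n
            dst.addfile(member, io.BytesIO(data) if data is not None else None)
    return out.getvalue(), total

def build_sample():
    """Constructed sample archive standing in for an exported configuration."""
    xml = (b"<Configuration>"
           b"<CertificateAuthority><Name>ExampleCA</Name></CertificateAuthority>"
           b"<Host><Name>lan-host</Name></Host>"
           b"<CertificateAuthority><Name>OtherCA</Name></CertificateAuthority>"
           b"</Configuration>")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("Entities.xml")
        info.size = len(xml)
        tar.addfile(info, io.BytesIO(xml))
    return buf.getvalue()

if __name__ == "__main__":
    new_tar, removed = rewrite_archive(build_sample())
    print(f"removed {removed} CertificateAuthority sections, {len(new_tar)} bytes written")
```

ElementTree re-serialises the XML, so comments and the original whitespace are not preserved; diff the edited file against the original before importing it.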
  • Hi Michael,

    Thank you for your reply. Unfortunately, that didn't work either. No matter what I select it won't let it restore. I have started setting it up manually now :(. 

    Cheers.