Interface / VLAN Migration via XML Import/Export

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Hi, 

Some of you want to move the VLAN configuration or interface configuration in XG from one interface to another, and there is no way to do this in the GUI. So you could use the Import/Export feature in XG to perform this operation.

Another use case would be to add as many VLANs as you want, with this approach. 

Cross reference: https://community.sophos.com/xg-firewall/f/recommended-reads/122450/creating-xml-objects-with-notepad-for-mass-import

How to

  1. My Interfaces

  2. Export of all interfaces via Import/Export:

  3. Using 7-Zip to unzip the .tar file

  4. Using Notepad++ to edit the Entities file

    1. Removing everything from the configuration except Port3 and VLAN. (You do not need to do that, but it's way faster in the import process.)
  5. Only VLAN and Port3 left:

  6. Using "Find & Replace" to replace Port3 with Port4

  7. Notepad++ will replace everything for you

  8. Opening the .tar file with 7-Zip

  9. Using drag & drop and copy & replace to put the new Entities.xml into the .tar

    Note: Make sure you saved the changes in Notepad++!
     
  10. On XG, unbind the old Port3 and remove the configuration

  11. Import your new .tar on Import/Export

Note: This can take some time, depending on your appliance and the number of VLANs, as XG will add all VLANs to the interface.


Updated Disclaimer
[edited by: Erick Jan at 10:18 AM (GMT -7) on 17 Apr 2023]
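
The Port3-to-Port4 rename from the steps above, done per element instead of with a global Find & Replace, as an added example that is not part of the original post or Sophos tooling: it matches the `Interface` value exactly (so Port3 never touches Port30) and flags VLAN IDs already in use on the target port. The sample XML is constructed, the `move_vlans` name is hypothetical, and the `<Interface>.<VLANID>` form of `Hardware` is assumed from the XML quoted later in this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the VLAN entity quoted in this thread.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<Configuration APIVersion="1805.2">
  <VLAN><Zone>LAN</Zone><Interface>Port3</Interface>
    <Hardware>Port3.10</Hardware><Name>users</Name><VLANID>10</VLANID></VLAN>
  <VLAN><Zone>LAN</Zone><Interface>Port3</Interface>
    <Hardware>Port3.20</Hardware><Name>voice</Name><VLANID>20</VLANID></VLAN>
  <VLAN><Zone>DMZ</Zone><Interface>Port30</Interface>
    <Hardware>Port30.10</Hardware><Name>dmz</Name><VLANID>10</VLANID></VLAN>
  <VLAN><Zone>LAN</Zone><Interface>Port4</Interface>
    <Hardware>Port4.20</Hardware><Name>printers</Name><VLANID>20</VLANID></VLAN>
</Configuration>"""


def move_vlans(xml_bytes, old_port, new_port):
    """Rebind VLAN entities from old_port to new_port.

    Returns (root, moved, conflicts); each list holds (name, vlan_id, zone).
    """
    root = ET.fromstring(xml_bytes)
    vlans = root.findall("VLAN")
    # VLAN IDs already present on the target port cannot be reused there.
    taken = {v.findtext("VLANID") for v in vlans
             if v.findtext("Interface") == new_port}
    moved, conflicts = [], []
    for v in vlans:
        # Exact match on the element text: Port3 never matches Port30.
        if v.findtext("Interface") != old_port:
            continue
        vid = v.findtext("VLANID")
        entry = (v.findtext("Name"), vid, v.findtext("Zone"))
        if vid in taken:
            conflicts.append(entry)  # left untouched for manual review
            continue
        v.find("Interface").text = new_port
        hw = v.find("Hardware")
        if hw is not None:
            # Assumption: Hardware is "<Interface>.<VLANID>", as in the quoted XML.
            hw.text = f"{new_port}.{vid}"
        taken.add(vid)
        moved.append(entry)
    return root, moved, conflicts


if __name__ == "__main__":
    root, moved, conflicts = move_vlans(SAMPLE, "Port3", "Port4")
    print("moved:", moved, "conflicts:", conflicts)
    print(ET.tostring(root, encoding="unicode"))
```

Reviewing the `moved` list with its zones before importing shows exactly which networks change port, and anything in `conflicts` has to be resolved by hand.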
  • Hi, now in XG210 (SFOS 18.5.5 MR-5-Build509), if I download the interface configuration file I have only the physical interfaces; the VLANs are in a different file.

    Is this guide still valid? My aim is to move all VLANs, which now span across 3 physical ports, under one port only.

  • Yes you can do the same with different interfaces. But before uploading it to the firewall, you have to delete / remove the old VLANs. 

  • Thanks! But this way I will still lose anything that is referenced to the VLAN interface when I delete it, right? For example, DHCP configuration for DHCP server or relay? I just tried and I see that.

    Is there any log that shows what dependent item has been deleted? The aim is to check if I had lost something important (rule, DHCP configuration, etc.) during this interface change.

    Edited: I had misunderstood that I have to DELETE the VLAN from the configuration before importing the .tar file. So I've tried to import the tar file without deleting the VLAN and I get in the apiparser.log file an error about GatewayName and GatewayAddress not found. Looking on Google I found a post about that -> Sophos Firewall Change Port of VLANs via XML

    I'm not on 19.5.1 but on 18.5.5 MR-5, but I think I have the same problem. I've tried the workaround but it didn't work.

    This is the XML I'm trying to import. The VLAN 777 actually is bound to port 8. I want it on the LAG_CORE interface (it is a LAG with 3 ports, 1 connected, the other 2 not; we are waiting for DACs)

    <?xml version="1.0" encoding="UTF-8"?>
    <Configuration APIVersion="1805.2" IPS_CAT_VER="1">
      <VLAN transactionid="">
        <Zone>LAN</Zone>
        <Interface>LAG_CORE</Interface>
        <Hardware>LAG_CORE.777</Hardware>
        <Name>test vlan 7771</Name>
        <VLANID>777</VLANID>
        <IPv4Configuration>Enable</IPv4Configuration>
        <IPv6Configuration>Disable</IPv6Configuration>
        <IPv4Assignment>Static</IPv4Assignment>
        <IPv6Address/>
        <IPv6Prefix/>
        <IPv6GatewayName/>
        <IPv6GatewayAddress/>
        <LocalIP/>
        <Status>Unplugged</Status>
        <IPv6Assignment/>
        <DHCPRapidCommit/>
        <IPAddress>172.16.77.1</IPAddress>
        <Netmask>255.255.255.0</Netmask>
      </VLAN>
    </Configuration>

  • You could export the dependencies as well and change the name of the interface as described here.

  • Right! I didn't think to do it to get a view on what I could lose by deleting the VLAN interface.

    Thank you for responding on Saturday xD

    By the way, any hint on how or what to try to get the VLAN-only XML import to work? Should I open a ticket?

    Have a nice weekend
