This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Export Policy from EC 4.0 to 4.7

I have a server that is currently running Enterprise Console 4.0.  I would like to export some of the policies that have been created in this environment, then import on my new server that is running EC 4.7 but I don't seem to see an export capability?

:12517


This thread was automatically locked due to age.
Parents
  • Hello DFINetAdmin,

    while you can export the policies you can't import them. Right now the only way I know to "keep" the policies is exporting and importing  the database to a new (and "empty") SEC and upgrading it there.

    Christian

    :12541
  • HI QC.

    Would you know if the policy import feature is now available now in SEC 5.4? I too am looking to move policies from SEC 5.3 to 5.4. I successfully exported the 5.3 policies to .xml files but cannot figure out how to have these imported to the 5.4.

    Thanks in advance.

    Brendan

  • Hello Brendan,

    it's ... still? ... not possible. Apart from the mentioned elements (Firewall and Data Control rules) only the scanning exclusions for Windows can be ex- and imported.
    I've hesitated to say still as the database design doesn't look like this would be feasible. It's possible with the aforementioned elements because they are self-contained.

    Why do you want or need to move (just) the policies?

    Christian

  • Hi Christian.

    Thanks for the feedback. We currently have SEC 5.3 installed on one server at one of our locations (location A), and we recently installed SEC 5.4 on another server at another location (location B). The idea is to have all the clients at location A be managed by SEC 5.3 (which we're planning to also upgrade to 5.4 in the next few weeks), and all the clients at location B managed by SEC 5.4 at location B. We have a fairly large network and thought it be a good idea to sort of split the management of the AV between the different locations.

    So seeing that both sets of clients at A and B are to be managed by similar policies, I thought it would be easier to export the policies on SEC at location A, and have those imported to SEC at location B. This, I thought, would be easier than redefining all the policies over again at location B.

    I'm a Sophos newbie and would greatly appreciate your input.

    Brendan

Reply
  • Hi Christian.

    Thanks for the feedback. We currently have SEC 5.3 installed on one server at one of our locations (location A), and we recently installed SEC 5.4 on another server at another location (location B). The idea is to have all the clients at location A be managed by SEC 5.3 (which we're planning to also upgrade to 5.4 in the next few weeks), and all the clients at location B managed by SEC 5.4 at location B. We have a fairly large network and thought it be a good idea to sort of split the management of the AV between the different locations.

    So seeing that both sets of clients at A and B are to be managed by similar policies, I thought it would be easier to export the policies on SEC at location A, and have those imported to SEC at location B. This, I thought, would be easier than redefining all the policies over again at location B.

    I'm a Sophos newbie and would greatly appreciate your input.

    Brendan

Children
  • Hello Brendan,

    I'm a Sophos newbie
    hm, I'm not so I'd try to import the existing database on the B server (provided it's not already productive you haven't configured anything you wouldn't want to redo). It's not hard (but also not exactly easy if you're not yet familiar with SEC) and I'd have to make one or two unsupported steps.

    Christian

  • Hi Christian.

    I'll give that a try, thanks. Server B is a VM and so far has only been used as a test box. Once I have it set up exactly how we want it, I'll point location B's clients to it.

    Thanks again for your suggestions!

    Brendan

  • Hello Brendan,

    I'll give that a try
    hey, which that? I didn't elaborate on the details [:)] - so what exactly do you want to try? Just in case ... to avoid the avoidable mistakes.

    Christian

  • Hi Christian.

    Thought to maybe try and import Server A's database onto B? Would that work?

    Brendan

  • Hello Brendan,

    in principle yes. But the database (there's more than one) for SEC 5.3 is SOPHOS521 and for SEC 5.4 it's SOPHOS540 - so the imported database must also to be migrated. It's not a supported scenario (but this doesn't matter because the worst thing to happen is that it simply doesn't work [;)]).

    About half a year ago I've written this cryptic sentences in small print
    One subject I have not yet addressed: You probably want to upgrade to SEC 5.4, don't you? To my knowledge an upgrade-migration is not a supported scenario but possible. You'd use the sec_540 installer to install the database component. Instead of DataBackupRestore you'd use RestoreDB.bat to restore SOPHOS521, SOPHOSPATCH52, and SophosSecurity. You'd then proceed installing the server components. After importing the registry (chapter 11) the Initial Catalog in DatabaseConnectionMS must be (re-)set to SOPHOS540.
    in enterprise console migration. Supposed to work.
    You'll have all the endpoints in there, you'd have to decide whether to a) keep them, b) delete them, or c) remove them from the database (unsupported). b) just flags them as deleted but keeps all the objects and their associated events and alerts as well as their group membership. c) naturally shrinks the database and gets rid of the useless clutter.

    Christian