Export Policy from EC 4.0 to 4.7

Hello DFINetAdmin,

while you can export the policies you can't import them. Right now the only way I know to "keep" the policies is exporting and importing  the database to a new (and "empty") SEC and upgrading it there.

Christian

HI,

The firewall policy can be imported and exported and so can data control to some degree.

Is it SAV policy that you are most interested in? For example do you have a long list of exclusions you'd like to save retyping in?

Thanks,
Jak

Yes, exactly.  Specifically, there is a LONG list of Known Files and Known Applications in the Authorization Manager.  Do I REALLY need to retype all of them back in? 

This is just an idea and not a recommendation: A quick test suggests that updating the [PolicyXML] column in table [dbo].[policies] is possible and and gives the desired results. The SAV policies are [Type]=2 and can be identified by Name. Note that the data type of [PolicyXML] has changed from SOPHOS4 to SOPHOS47.

While it won't help you now you should consider submitting a feature request.  

And it's good practice to backup the database regularly

Christian   

HI QC.

Would you know if the policy import feature is now available now in SEC 5.4? I too am looking to move policies from SEC 5.3 to 5.4. I successfully exported the 5.3 policies to .xml files but cannot figure out how to have these imported to the 5.4.

Thanks in advance.

Brendan

Hello Brendan,

it's ... still? ... not possible. Apart from the mentioned elements (Firewall and Data Control rules) only the scanning exclusions for Windows can be ex- and imported.
I've hesitated to say still as the database design doesn't look like this would be feasible. It's possible with the aforementioned elements because they are self-contained.

Why do you want or need to move (just) the policies?

Christian

Hi Christian.

Thanks for the feedback. We currently have SEC 5.3 installed on one server at one of our locations (location A), and we recently installed SEC 5.4 on another server at another location (location B). The idea is to have all the clients at location A be managed by SEC 5.3 (which we're planning to also upgrade to 5.4 in the next few weeks), and all the clients at location B managed by SEC 5.4 at location B. We have a fairly large network and thought it be a good idea to sort of split the management of the AV between the different locations.

So seeing that both sets of clients at A and B are to be managed by similar policies, I thought it would be easier to export the policies on SEC at location A, and have those imported to SEC at location B. This, I thought, would be easier than redefining all the policies over again at location B.

I'm a Sophos newbie and would greatly appreciate your input.

Brendan

Hello Brendan,

I'm a Sophos newbie
hm, I'm not so I'd try to import the existing database on the B server (provided it's not already productive you haven't configured anything you wouldn't want to redo). It's not hard (but also not exactly easy if you're not yet familiar with SEC) and I'd have to make one or two unsupported steps.

Christian

Hi Christian.

I'll give that a try, thanks. Server B is a VM and so far has only been used as a test box. Once I have it set up exactly how we want it, I'll point location B's clients to it.

Thanks again for your suggestions!

Brendan

Hello Brendan,

I'll give that a try
hey, which that? I didn't elaborate on the details [:)] - so what exactly do you want to try? Just in case ... to avoid the avoidable mistakes.

Christian