
Restoring a configuration to a standalone appliance

We received a new ES1100. I exported the certificate and backed up the configuration of our running appliance. I can find no way to import the configuration into the new appliance. I want to do a restore of the configuration and import of the certificate and then rack the appliance. When our maintenance window comes around, we can just swap the network cable to the new appliance.

What is the best method to migrate off an older appliance to a newer one?

What is the reason to back up the configuration if there is no way to import it?



This thread was automatically locked due to age.
  • It would help if Sophos support would ever answer the phone!  We have multiple open tickets with support and the only one that answers the phone is an answering service that will open a ticket and tell us someone will call back. It can take the answering service 30 minutes to 2 hours to answer.

  • Hi, Aiman,

     

    I do not think the link is helpful. I have the same issue, trying to restore a backed-up config file to a new Virtual Appliance. Could you please guide me further on this?

    Thanks

  • Hi David,

     

    You have 2 options

    #1 -

    If you do not have both appliances at the same time, you will need to open a support case and send support the config file. That restore file can be applied to an appliance via the back end.  Generally this is a last-ditch effort to restore config (i.e. your appliance blows up and you have no way to accomplish method #2). 99% of the time the backup option is only ever used as a DR method.

     

    99% of the time you will follow this method to transfer configuration, certs etc. to new or existing members.  Note the 2 notes at the end; you could also go through the existing appliance's quarantine and release anything you want to keep.

     

    #2 (recommended)

    assuming you have both appliances (regardless if they are hardware or vms)

    import the .ovf file into ESXi.

    press next and yes through the install process.  set up the new vm with a unique host name and ip address  (just make sure it can get out to the net without web filtering and is on the same subnet as your other vm)

    half way through the install process it will ask you to "join a cluster"

    select "yes" 

    this will build a cluster with your existing appliance and sync the configuration (with the exception of networking information); all of your policies will be shared between the two appliances.

    continue the install, complete all upgrades and reboot the new vm until it is fully online, updated and working.

    then log into the old appliance's ip:18080

    go into the clustering menu

    remove itself from the cluster.

     

    this will transfer all of the cluster master jobs to the new appliance.

     

    power down the old appliance.

    from the vm host, go into the console window and run the networking config tool.

    assume the hostname and ip of the old appliance.

    presto, done

    (ps select your cert from your old appliance as the process will transfer your existing ones but will not automatically select what services to use it on)

     

    note: 

    option #2 requires next to 0 downtime and can be done in production; the only time an appliance will not accept mail is for the 30 seconds it will take for the new member to change its ip address.   because you are assuming the old appliance's hostname and ip address you should not need to make any other changes (i.e. exchange send connectors etc.)

     

    special note:

    if you NEED your OLD quarantine to be accessible.. 

     

    rather than assuming the hostname and ip address right away, leave the new appliance with its unique hostname and IP. change your firewall to pw 25 to the new appliance and your send and receive connectors in exchange to the new appliance.  then make an additional send connector that basically says "any mail to sea-auto-approve.mydomain.com, go to the OLD appliance"

     

    after the quarantine expires in 30 days, assume the old appliance's ip / hostname, change your rules back, power down the old appliance and send it back (if it's an RMA)

     

    clustered appliances can share the quarantine and configuration but do NOT share email processing.  By doing the above you are directing ALL email to the new appliance, so your new quarantine will exist and be accessible on that device.