SFOS (XG) configuration portability between SG hardware and XG hardware?

Hello all, first post on the forum!

 

I ran into an issue with my first SG to XG migration. When preparing for this upgrade, I thought I was being smart and ahead of the game when I mirrored the SG config (SG135) onto another XG box (XG135) I had on hand. However, when I tried to import the config after the SG -> SFOS (XG) upgrade, it said it was incompatible. I sent a ticket to Sophos support and got this canned answer:

 

Hello Daniel,


Thank you for reaching out to Sophos Technical Support. Regarding your concern on Sophos SG to XG configuration migration, I regret to inform you that such activity would have to be performed manually. You can refer to this knowledgebase article: https://community.sophos.com/kb/en-us/124588. If you have any more inquiries, please let us know. Thank you.


Regards,

Mark Ian Ocampo
Sophos Technical Support
http://www.sophos.com/en-us/support/technical-support.aspx

 

I went ahead and placed the XG I configured into production, then mirrored the config AGAIN by hand (was a bit easier this time around since the screens matched). Is that truly the case that I cannot import a SFOS config from an XG appliance to a SG appliance on the same SFOS revision? It seems like a pretty sizable oversight if it is. If there is a reason why its not possible, that's fine with me, I would just appreciate an explanation more than anything.

Thank you,

Danny

  • Danny,

    Migration from UTM9 to XG is still not available at the moment. Sophos is developing a tool.

    For XG to SG migration this should be possible. The only limitation is the number of ports with must be the same or greater on the target.

    So you can migrate from 110 to 210 but not viceversa.

    Regards

  • In reply to lferrara:

    I stated in my original post that I was NOT trying to upgrade from SG to XG as I know this is not possible. I was attempting to transfer a config laterally between SG and XG hardware on the same version of SFOS.

    I found out through my regional rep that there are hardware identifiers that prevent the transfer of a config between SG and XG hardware that are both on SFOS. I advise anyone in this situation to contact their rep as there may be a way they can "massage" the config if you upload it to them. This is not a guarantee, but a possible path and explanation at the very least.