
Could not import the configuration from the selected firewall - Sophos Central

I'm a bit lost in this; I see a lot of potential in managing the XG firewalls from Sophos Central (we also use it for Endpoint, wireless, encryption, etc.).

Adding the XG to Central was easy, so was accepting. Then I tried to create a firewall group and would like to import the config from the existing firewall. When choosing the firewall and clicking save, the process starts. After some time it will give the message:

"Could not import the configuration from the selected firewall." with a red exclamation mark in front of it.

I can however perfectly manage the firewall through Sophos Central so connection seems fine.

It may have something to do with the fact that at this moment the firewall I am configuring is still behind a UTM, hence behind a NAT device, and it may need to have some ports opened; however, that imho would partly defeat the power of Central management.

How can I troubleshoot what goes wrong with this import?



  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    What is the firmware version on your firewall?

    I was able to take the configuration backup from the Central for the firewalls running with v18 MR4 and v17.5 MR14. These firewalls are behind the UTM. 

    I experienced the same issue as yours on v17.5 MR14, but it worked after I re-registered the firewall with the Central. 

    Thanks,

  • This is on V18.0.4 MR-4. Registering in Central was also done after upgrading to MR-4.

    Making a backup is not the problem, but when creating a group, at the point "Select an initial configuration for your group. You can customize it later", when I choose to import from current config, then it runs for a while; it does create a handful of dynamic objects, but I suspect it fails halfway through the process.

    It also shows differently than a group created with Sophos defaults (see screenshot):


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • There are some bug IDs, currently under investigation, which could prevent the Import.

    Just to name some blockers in the Configuration:

    Do you use a WAF Rule? This could block the import. 

    Do you have a Zone under Device access, which does not have select "ANY" services? This will block the import. 

    Those issues will be fixed in an upcoming Central version.


  • How did you even get it to start the import on that screen? On my Central it has the button for Import existing configuration, but then has a dropdown box that appears below it with nothing in it??

  • Import configuration is failing for me as well with error Web_ContentFilter > Policies.

    What do I need to change on my content filters to get this to import?

  • Hi , it does report the specific error on failures, but unfortunately, it seems this is not so obvious to discover. If you click on the red exclamation mark, it will show you a tooltip listing any areas that were problematic. There are a couple of improvements pending that will fix problems with NAT rules and device access settings that cause failures today, but if you have anything that you can't make sense of, please let me know.

    , the import only works with firewalls running the latest v18 MR4 firmware. Once you have firewalls upgraded to the latest version, they should be available for import.

  • Nice, didn't see that earlier, here's what mine lists:

    For now it's not really needed anymore, I have already gone through the setup manually from a-z, but it would definitely be good to know what I could (temporarily) change/disable for import to work.



  • There are some changes and bugfixes coming this weekend into Central.

    But could you check the following:
    Device access: Do you have a Zone without any service enabled? 
    Do you have a WAF Rule? 

    Both settings are blocking the import right now and will be fixed.


  • I have v18 SFOS 18.0.4 MR-4 firmware. 

    But when trying to import from configuration I am getting this.
