Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 3753 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transfer Configuration Objects from one Firewall to another

BeEf

Hi,

I am setting up some XG firewalls that are integrated in central. What is the best way to transfer parts of the configurations from one firewall to the other?
I am thinking of some templates regarding host and network definitions, policy definitions, vpn configurations ...

1) Import / Export (complicated / don't know what I really get)

hosts
templates

I tried import export. Besides the fact that is using tar format I am not really sure what happens if I import / export different firewall models especially regarding the predefined objects. I also do not want to crush mistakenly things that I already setup e.g. changing networks and ip adresses.

2) Direct import via CSV,XML list - is this possible?

3) API 

I did not get deep into this but it seems to be very time consuming without the help of a good supporting program. Is there any besides low level web programming ??

4) Creating and installing object templates via central ??

5) Is it possible to backup / restore configurations from different firewall models? This is not really a good solution as no two firewalls are never the same and you will spend time to tidy up afterwords.

Every Idea that is realizable without to much effort and  time welcome.


Regards,
BeEf



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Thanks.

    Will I be able to select which objects I can push to the new firewall? For example it does not make sense for local networks and Internet connections.

    How about different interface naming? Can/Is there some kind of mapping? 
    Will the be some wildcards e.g. for the IPs and networks of the interfaces?
    Is there something I can browse through on the Firewall group

    However I'd been surprised if this was working. From my point of view it broke:


    The Exclamation Mark says: Authentication -> One Time Password. I am wondering whether anything except this was imported or if the whole process is cancelled. Can I see somewhere what is attached to the group?

    Can you point me to the relevant documentation?

  • 0 in reply to BeEf

    It will stop the entire import as something stops it in your marked area. Seems like there is some configuration in OTP; which is odd for Central to import. Could be a bug or some faulty edge case configuration. What do you have in terms of OTP config right now? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Looks reasonable for me (and is also working):

  • 0 in reply to BeEf

    Good morning,

    this import function seems not to work at all and really sucks:



    The second firewall is importable but this is actually the one I want to setup without entering all the hosts, networks ... 
    Number 1 and 4 fail when trying to import the config.
    Number 3 and 5 are not displayed for import for unknow reason.


    Is it possible to create and configure a fresh new template and link it to a new group.

    Regards,
    BeEf

Unfiltered HTML