Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 3753 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Transfer Configuration Objects from one Firewall to another

BeEf

Hi,

I am setting up some XG firewalls that are integrated in central. What is the best way to transfer parts of the configurations from one firewall to the other?
I am thinking of some templates regarding host and network definitions, policy definitions, vpn configurations ...

1) Import / Export (complicated / don't know what I really get)

hosts
templates

I tried import export. Besides the fact that is using tar format I am not really sure what happens if I import / export different firewall models especially regarding the predefined objects. I also do not want to crush mistakenly things that I already setup e.g. changing networks and ip adresses.

2) Direct import via CSV,XML list - is this possible?

3) API 

I did not get deep into this but it seems to be very time consuming without the help of a good supporting program. Is there any besides low level web programming ??

4) Creating and installing object templates via central ??

5) Is it possible to backup / restore configurations from different firewall models? This is not really a good solution as no two firewalls are never the same and you will spend time to tidy up afterwords.

Every Idea that is realizable without to much effort and  time welcome.


Regards,
BeEf



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to BeEf

    It will stop the entire import as something stops it in your marked area. Seems like there is some configuration in OTP; which is odd for Central to import. Could be a bug or some faulty edge case configuration. What do you have in terms of OTP config right now? 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    Looks reasonable for me (and is also working):

  • 0 in reply to BeEf

    Good morning,

    this import function seems not to work at all and really sucks:



    The second firewall is importable but this is actually the one I want to setup without entering all the hosts, networks ... 
    Number 1 and 4 fail when trying to import the config.
    Number 3 and 5 are not displayed for import for unknow reason.


    Is it possible to create and configure a fresh new template and link it to a new group.

    Regards,
    BeEf

Unfiltered HTML