Advisory: Sophos Endpoint - "Your connection isn't private." We're aware of a certificate issue and are actively working to resolve it. Please see: KB-000045954 for the latest updates.

HOW-TO: XG to XG Migration different model (big one to small)

Hello people,

sorry for my bad english - try my best.

Situaltion: Had a SG330 Rev 1 installed with a XG Home here in my private home and environment with a HA Active-Passive Configuration. Totally oversized, i know - but that´s not the point. ;)

Now, I want to change the devices to Rev 3 devices, so I bought two SG210 Rev 3, which has been modded with a more silent fan, changed PWM configuration and replaced the small Intel to a Core i5-6500, which can be bound in SG330 Rev 3 by default. So it was cheaper that a native SG330 Rev 3 and for my setup the less ports are much enough, I only have five active ports in use.

So now I found out (yes, I did not research that before, my fault) that this would not be supported by default backup export and import, also not by export configuration.

Tried it anyway but the new device run into unaccessibility after imported configuration from the old one. Maybe the differing count of ports could be the reason - dont know, but seems to be possible. In fact I tried to migrate from a bigger to a smaller one which is not supported by sophos - what a crap.

So I examined the exported .tat file and found the entities.xml, which contains all configuration.

My idea was to delete all interface configuration parts which are higher than the existing number 8 as in the rev 3 devices.

The SG330 Rev1 has 1-8 RJ45 Ports and 9-10 SFP.

The SG210 Rev3 has 1-6 RJ45 Ports and 7-8 SFP.

Port 8 on Rev1 here was used for HA.

First quest was to find out the part of port configurations:

Now I deleted every configuration part for ports > 6 (as in the pic) because the SFP conf isn needed and should remain in place.

Also searched for HA configuration and found it at the end, which was also deleted by me.

Saved the XML and replaced the original one in the .tar.

Next step was to install the SG210 Rev3 fresh, configured Port1 with the same IP and then imported the moddified .tar.

After that it seems to be fine and successfully migrated. All interface configurations, rules, IPS conf, certs, aliases, hosts, etc. are available there and it runs as expected. Slight smile

Installed the second device naked, added as HA after setup and done.

So that procedure should also be useful for commercial migrations from big XG devices to smaller ones.



Added TAGs
[edited by: Erick Jan at 12:07 AM (GMT -8) on 4 Dec 2023]