Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Migrate CR25ia to XG 105 but Firewall Rules Missing

Hi, I try to upgrade CR25ia (10.6.3.409) to XG105 (SFOS 15.01.0), as documented all ia can't upgrade to SFOS so purchased new hardware XG105. What I done was backup from CR25ia and restore to XG105, all configurations are able to restore but I can't see any firewall rules from XG105. When I try remove zone settings it refused and given error message firewall rule still using the zone can't remove.

Is this the best way to migrate? If not how can I migrate it as fast as possible?



This thread was automatically locked due to age.
Parents Reply Children
  • Considered yes, what i did was backup from CR and then restore to XG but because of the restore not properly convert the firewall policies so I have to recreate the firewall policies, the rest of the settings are ok (I go through it one by one).

    The challenges here are how to remove all restored policies so can be recreate again, lucky there are new functions call Import/export can export all settings in xml format then remove all SecurityProlicy and Services (because CR will auto create Services name started with # when create virtual host) in Entities.xml file.

    You can use 7zip to extract and update Entities.xml file from .tar that download from XG export. After finished updated export file just reset XG to factory settings and import the updated .tar to get back to settings.

    The XG already online on clients office for more then 2 weeks without complain. The best thing is users login account and password also preserved.
  • HI Richard,

    What you have found is correct, at this time there is no mechanism to directly load a Cyberoam configuration file onto an appliance running SF-OS (either XG or Cyberoam running SF-OS)

    Your cleanest option would to be to load the CR25ia configuration into a CR25iNG Appliance and migrate that (you could possibly use a virtual UTM)

    I am glad everything appears to be OK with what you have done, however please be carefully with manually modifying the XML export from a Cyberoam appliance and importing it onto a XG appliance as depending on your setup there could be configuration conflicts and the XML import will not convert the settings but just apply them as is.

    If you are not going to perform a in place migration on a Cyberoam appliance it is recommended that you program the new XG appliance from new.

    Thanks,

    Leon

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP