Sophos Firewall: Interface / VLAN Migration via XML Import/Export

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read describes how to migrate VLANs to another interface using the Import/Export feature of Sophos Firewall.

VLAN or interface configuration can't be moved in the GUI. The Import/Export feature in Sophos Firewall can perform the task.

Another workaround is to add many VLANs at once. You may refer to the following:

Sophos Firewall: Creating XML Objects with Notepad++ for mass import 

Import/Export Configuration Steps

Step 1. VLAN Interfaces 

To verify the interfaces, go to CONFIGURE>Network>Interfaces

Step 2. Export/Import Interfaces

Go to SYSTEM>Backup & Firmware>Import export

Under Export, select Export Selective Configuration, choose Interface, then click Export.

Click Download

Step 3. Interface Configuration

The export downloads a TAR file. Using 7-Zip, extract the .tar file.

Step 4. Editing Entities File

Using Notepad++, edit the Entities file.

To speed up the import process, remove every other configuration and leave only the Port 3 and VLAN configurations.

Removing them isn't necessary. However, it will speed up the process.

Upon removing, the Tar file will only have the following

Step 5. Find & Replace

In Notepad++, press Ctrl+H

Or click Search>Replace

This process in Notepad++ will replace the configuration

Step 6. Replacing the Tar File.

Open the .tar file with 7-Zip.

Drag and drop the new Entities.xml into the .tar and choose copy and replace.

Note: Make sure you saved the changes in Notepad++!
 

Step 7. Unbinding Old Port

In Sophos Firewall, unbind the old Port3 and remove the configuration.

Step 8. Importing the New .tar File

After replacing the configuration in the .tar file and removing the configuration from the old port, we can now import the new configuration.

Go back to SYSTEM>Backup & Firmware> Import export

Upload the edited/new .tar file by clicking "Choose File." 

Note: This can take some time, as Sophos Firewall will add all VLANs to the interface.
The upload speed will depend on your appliance and the number of VLANs.
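
Steps 3 to 6 can also be scripted. The following is an added example, not part of the original article or any Sophos tooling: it rewrites Entities.xml inside the exported .tar and replaces the port name only as a whole token, so renaming Port3 does not also alter Port30. The target port Port5 and the XML tag names are assumptions, and the sample export is constructed.

```python
import io
import re
import tarfile

# Constructed sample; the tag names are assumptions, not copied from a real export.
SAMPLE_XML = """<Configuration>
  <VLAN><Name>Port3.10</Name><Interface>Port3</Interface><VLANID>10</VLANID></VLAN>
  <VLAN><Name>Port3.20</Name><Interface>Port3</Interface><VLANID>20</VLANID></VLAN>
  <VLAN><Name>Port30.10</Name><Interface>Port30</Interface><VLANID>10</VLANID></VLAN>
</Configuration>
"""

def rename_port(xml_text, old, new):
    """Replace `old` only as a whole port token: Port3 and Port3.10 match, Port30 does not."""
    token = re.compile(r"(?<![A-Za-z0-9_])" + re.escape(old) + r"(?![A-Za-z0-9_])")
    return token.subn(new, xml_text)  # (new_text, number_of_replacements)

def migrate_tar(tar_bytes, old, new, member="Entities.xml"):
    """Copy the archive, rewriting only `member`; returns (new_tar_bytes, replacements)."""
    out, total = io.BytesIO(), 0
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as src, \
         tarfile.open(fileobj=out, mode="w") as dst:
        for info in src.getmembers():
            data = src.extractfile(info).read() if info.isfile() else None
            if data is not None and info.name.split("/")[-1] == member:
                text, count = rename_port(data.decode("utf-8"), old, new)
                data, total = text.encode("utf-8"), total + count
                info.size = len(data)  # header must match the edited length
            dst.addfile(info, io.BytesIO(data) if data is not None else None)
    return out.getvalue(), total

def read_member(tar_bytes, member="Entities.xml"):
    """Return the text of `member` from an in-memory tar archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.extractfile(member).read().decode("utf-8")

def build_sample_tar():
    """Build a tar holding SAMPLE_XML, standing in for the firewall's export."""
    buf, data = io.BytesIO(), SAMPLE_XML.encode("utf-8")
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("Entities.xml")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    new_tar, count = migrate_tar(build_sample_tar(), "Port3", "Port5")
    print(f"{count} replacements")
    print(read_member(new_tar))
```

Compare the replacement count with the number of entries you expected to change before importing the edited archive.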



Revamped RR; Revised RR; Upload new screenshots; Added additional instructions; Corrected Grammar; Added Horizontal Lines
[edited by: Erick Jan at 12:40 PM (GMT -7) on 26 Sep 2023]
  • I want to move from physical to LAG. Execcr mentioned this made problems, is this fixed?

    On Step 7 you say "unbind the old Port3 and remove the configuration". Does that mean all VLANs on Port 3 as well? (Delete?)

    Should these steps be performed on an interface where I am not currently connected?

    On my XGS 2100 the file is separated on another "selective configuration", is this something I should consider?

    I see no DHCP Server/Relays, should you not change that too? Or does this get changed automatically? If no, what else?

    Is it possible to test it over the GUI, setting up the same VLAN on 2 interfaces with different gateways, or does this cause routing problems?
