Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 2983 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Could not import the configuration from the selected firewall - Sophos Central

apijnappels

Im a bit lost in this; see a lot of potential in managing the XG firewalls from Sophos Central (we also use it for Endpoint, wireless, encryption, etc).

Adding the XG to Central was easy, so was accepting. Then I tried to create a a firewall group and would like to import the config from the existing firewall. When choosing the firewall and clicking save the process starts. After some time it will give the message:

Could not import the configuration from the selected firewall. with a red exclamation mark in front of it.

I can however perfectly manage the firewall through Sophos Central so connection seems fine.

It may have something to do that at this moment the firewall I am configuring is still behind a UTM hence behind a NAT device and it may need to have some ports opened, however that imho would defeat partly the power of Central management.

How can I troubleshoot what goes wrong with this import?



This thread was automatically locked due to age.
Parents
  • 0

    Hi , it does report the specific error on failures, but unfortunately, it seems this is not so obvious to discover. If you click on the red exclamation mark, it will show you a tool tip listing any areas that were problematic. there are a couple improvements pending that will fix problems with NAT rules and device access settings that cause failures today, but if you have anything that you cant make sense of, please let me know. 

    , the import only works with firewall running the latest v18 MR4 firmware. once you have firewalls upgraded to the latest version, they should be available for import.

  • 0 in reply to AlanT

    Nice, didn't see that earlier, here's what mine lists:

    For now it's not really needed anymore, I have already gone through the setup manually from a-z, but it would definately be good to know what I could (temporarily) change/disable for import to work.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    There are some changes and bugfixes coming this weekend into Central.

    But could you check the following:
    Device access: Do you have a Zone without any service enabled? 
    Do you have a WAF Rule? 

    Both settings are blocking the import right now and will be fixed.

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni
    LuCar Toni said:
    Device access: Do you have a Zone without any service enabled? 
    Do you have a WAF Rule? 

    Right now both don't apply to my situation, the WAN zone has just SSL-VPN checked, other zones have at least two services enabled and I don't use WAF. Will however try again after this weekend.

    The errors for my situation are listed above (NAT rule, OTP, Firewall rule, DNS host entry) Seems that the idea of importing from an existing device is great, but there are currently too many settings normally in use in a live environment preventing a successful import.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • 0 in reply to LuCar Toni
    LuCar Toni said:
    Device access: Do you have a Zone without any service enabled? 
    Do you have a WAF Rule? 

    Right now both don't apply to my situation, the WAN zone has just SSL-VPN checked, other zones have at least two services enabled and I don't use WAF. Will however try again after this weekend.

    The errors for my situation are listed above (NAT rule, OTP, Firewall rule, DNS host entry) Seems that the idea of importing from an existing device is great, but there are currently too many settings normally in use in a live environment preventing a successful import.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children
No Data
Unfiltered HTML