Security Gateway Migration

Hi Guys,

I am tasked to migrate a security gateway purposely for VPN to a new 5600 NGTP with R80.20 OS. I would like to know how to migrate a security gateway. Do I still need to do the migrate export and migrate import?

Thanks

Accepted Solutions

Re: Security Gateway Migration

OK so the Security Policy is held on the Management Server so that doesn't migrate.

What you're looking at is extracting the Gaia OS config and importing it onto the new box.

You can use the show configuration command to display the current Gaia OS configuration from the unit.

You can take that output and place into a text file

Then edit the configuration to reflect the new appliance's interface names. Don't know your current model so it may not use the same interface names.

You can then paste the file contents into the 5600 after running through the initial config wizard. This should get your interfaces and routes into the box.

Obviously this only takes the Gaia config so you will need to look at other files that may have been modified:

$FWDIR/boot/modules/fwkern.conf  - kernel parameters

$FWDIR/conf/trac_client_1.ttm   - remote access client

Are the ones that I usually find the need to look at, again, probably worth checking the contents of all of these. They may or may not exist in your environment. Certainly the last 4 which are for RSA SecurID for instance.

  • $FWDIR/boot/modules/fwkern.conf
  • $FWDIR/boot/modules/vpnkern.conf
  • $PPKDIR/boot/modules/simkern.conf
  • $PPKDIR/boot/modules/sim_aff.conf
  • $FWDIR/conf/fwaffinity.conf
  • $FWDIR/conf/fwauthd.conf
  • $FWDIR/conf/discntd.if
  • $FWDIR/conf/cpha_bond_ls_config.conf
  • /var/ace/sdconf.rec
  • /var/ace/sdopts.rec
  • /var/ace/sdstatus.12
  • /var/ace/securid

 

Other people may be able to add other files to look at.

 

Can then establish SIC, license and push policy

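The interface-renaming step from the accepted solution, as an added example that is not part of the original post: it rewrites interface names in a saved `show configuration` dump in one pass, so that `eth1` does not also hit `eth10`, VLAN sub-interfaces follow their parent, and chained renames are not applied twice. The sample config, the mapping and both function names are constructed assumptions; take the real names from your own appliances.

```python
import re

# Constructed sample of saved `show configuration` output (illustrative values).
OLD_CONFIG = """\
set interface eth1 state on
set interface eth1 ipv4-address 192.0.2.1 mask-length 24
add interface eth1 vlan 100
set interface eth1.100 ipv4-address 198.51.100.1 mask-length 24
set interface eth2 ipv4-address 10.0.0.1 mask-length 24
set interface eth10 ipv4-address 10.10.0.1 mask-length 24
set interface eth5 ipv4-address 10.50.0.1 mask-length 24
set static-route default nexthop gateway address 192.0.2.254 on
"""

# Hypothetical old -> new interface names for the replacement appliance.
MAPPING = {"eth1": "eth2", "eth2": "eth3", "eth10": "eth1-01"}

IFACE_LINE = re.compile(r"^(?:set|add) interface (\S+)", re.M)


def remap_interfaces(config: str, mapping: dict) -> str:
    """Rename interfaces in one pass, matching whole names only."""
    names = sorted(mapping, key=len, reverse=True)
    # The lookarounds stop eth1 matching inside eth10 or eth1-01, while
    # still allowing a VLAN suffix such as eth1.100 to follow the name.
    pattern = re.compile(
        r"(?<![\w.-])(" + "|".join(map(re.escape, names)) + r")(?![\w-])"
    )
    # A single sub() call means eth1 -> eth2 is not re-mapped to eth3.
    return pattern.sub(lambda m: mapping[m.group(1)], config)


def unmapped_interfaces(config: str, mapping: dict) -> list:
    """Interfaces configured on the old box that the mapping does not cover."""
    bases = {m.group(1).split(".")[0] for m in IFACE_LINE.finditer(config)}
    return sorted(bases - set(mapping))


if __name__ == "__main__":
    print(remap_interfaces(OLD_CONFIG, MAPPING))
    print("review manually:", unmapped_interfaces(OLD_CONFIG, MAPPING))
```

Anything reported as unmapped keeps its old name in the output and should be checked by hand before the config is pasted into the new gateway.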

5 Replies
Re: Security Gateway Migration

migrate export/import is a management level tool

 

When you say migrate do you mean migrate to be

a) new hardware - ie box replacement

b) move vpn in policy to new termination point

 

 

Re: Security Gateway Migration

Hi @mdjmcnally 

What I mean is to move all configuration from old hardware (r77.x) to new hardware (r80.20).

Thanks

Re: Security Gateway Migration

Hi @mdjmcnally ,

Even if I do not import the following files, it will still work, right? By the way, I am using MEP for my remote access VPN. Where is the configuration for that?

FILES:

  • $FWDIR/boot/modules/fwkern.conf  - kernel parameters
  • $FWDIR/conf/trac_client_1.ttm   - remote access client
  • $FWDIR/boot/modules/fwkern.conf
  • $FWDIR/boot/modules/vpnkern.conf
  • $PPKDIR/boot/modules/simkern.conf
  • $PPKDIR/boot/modules/sim_aff.conf
  • $FWDIR/conf/fwaffinity.conf
  • $FWDIR/conf/fwauthd.conf
  • $FWDIR/conf/discntd.if
  • $FWDIR/conf/cpha_bond_ls_config.conf
  • /var/ace/sdconf.rec
  • /var/ace/sdopts.rec
  • /var/ace/sdstatus.12
  • /var/ace/securid

Thank you so much for the help.

Re: Security Gateway Migration

That's considered part of the Security Policy, which is pushed from management.