Showing results for 
Search instead for 
Did you mean: 
Create a Post

Configuration transfer between different SMB models

When using SMB devices for remote company sites, ease of first time configuration is an important matter. When used with a central management by SMS / MDS, only some basic configuration is needed before first policy install. To be able to deploy locally managed SMB devices with (nearly) identical configuration would be much easier if a configured unit could be used to copy the needed settings to others.

But a configuration file exported from WebGUI can only be restored to the same firmware version and the same model – 600/1100, 1200R and 700/1400 are three different models with its own firmware corresponding to the hardware changes. Backup / Restore between different models is supported from 6x0 to 7x0 and 11x0 to 14x0 appliances; only from 1200R a transfer is possible to all SMB HW types using firmware > R77.20.51 (see sk111334).


But it is always possible to dump a configuration by using a CLISH command :

[clish]# show config

will output a complete series of CLISH commands matching the current configuration, complete with comments explaining what is set using the next CLISH commands. Saving these lines from expert mode into a text file produces something very similar to an autoconf.clish (also see my article USB First Time Config using autoconf.clish files - How it works😞

[Expert]# clish -A -i -c "show configuration" -v >> /var/log/config.txt

Now you can edit the text file and manually set the parameters to the values needed for the next unit to deploy. It can then be read in in expert mode, see the next two lines:

[Expert]# clish -f /mnt/usb1/config.txt -v

[Expert]# clish -f /var/log/config.txt -v

First the config is read from USB1, the second example assumes it had been already transfered to directory /var/log/.

But be aware that this is not a supported nor intended method and not very easy Smiley Happy – these saved CLISH commands usually are not able to replicate the configuration as, for example, configuring an existing interface uses "set internet-connection", as used in "show configuration" output, but to define a new interface from scratch as needed in a new or reset box, you would have to issue "add internet-connection" instead.


Details of the expert mode ‘clish’ command can be found in the CHECK POINT 600/700/1100/1200R/1400 APPLIANCE CLI Guide, Running CLISH Commands from Expert Mode, p.20. The produced text file does, of course, not contain a license, unlike the exported configuration file from WebGUI.

3 Replies

Re: Configuration transfer between different SMB models

Also, adding services will fail. Services will no source port configured will generate a command with 'source-port "nil"', which will not be recognized and will fail. The correct syntax should be 'source-port "false"'

It will be necessary to replace these parts with the correct syntax.

0 Kudos

Re: Configuration transfer between different SMB models

Yes, that is true, but not so bad as the following: The only blade that can be enabled (set aside FW and IA here) is AntiSpam, no other Blades, WebServer or Rules configuration is available in CLISH. So locally managed SMB devices must be configured using the WebGUI (will be covered in part 3 soon) ! But it is very usable for centrally managed units and for the first setup of locally managed.

0 Kudos

Re: Configuration transfer between different SMB models

Absolutely! For OS configuration this procedure is extremely useful.

With the correct adaptations, it is also a big help with the rule base.

Thank you for sharing!

0 Kudos