MSS FW Best Practices: Configuration Export & Import

Description

CAUTION: These documents are intended to provide partners with firewall configuration recommendations ONLY. They contain examples and caution should be exercised when making changes to your firewall as unplanned changed could result in downtime based on the complexity of the environment and/or configuration. 

MSS Recomended SonicWall Firewall Best Practices Index

Config Export/Import

Most firewall configurations can be exported from an existing firewall and imported directly into a new one. There are some exceptions noted below.

Gen 7 to Gen 8

Configuration settings from a Gen 7 firewall can be imported directly into a Gen 8 firewall.

Gen 6 to Gen 8

Settings files from Gen 6 devices can also be imported directly into Gen 8 devices, depending on model support.

  • Please review the official import matrix for a list of compatible models.
  • If your model is not supported, you will need to use the Migration Tool by following the same process outlined for Gen 6 to Gen 7 migrations. Refer to: SonicWall Gen 8 TZ and Gen 8 NSa Settings Migration

Gen 6 to Gen 7

Unfortuniatly Gen 6 settings files cannot be directly imported into a Gen 7 so the migration tool is needed. To migrate settings from a Gen 6 unit to a Gen 7 unit, follow the instructions below to convert the file using the SonicWall Online Migration Tool.

Prerequisites

  1. Make sure that the source Gen 6 firewall is running the latest Gen 6 General release firmware.
  2. Ensure that the Gen 6 firewall model is okay to import to the Gen 7 firewall by looking at the Configuration Settings Import Support by Platform chart here: Can Settings be Exported/Imported from one SonicWall to Another? (Support Matrix) | SonicWall
  3. If the export/import path is supported, move on to the below steps.
  4. If the export/import path is NOT supported, you will need to build the Gen 7 unit by hand.

How to Create Gen 7 Settings File by Using the Online Migration Tool

Creating Gen 7 Config

  1. Export and save settings from your existing Gen 6/6.5 firewall on the local machine
  2. In a web browser, go to https://migratetool.global.sonicwall.com/
  3. Select the Product as SonicWall. Browse and upload your settings file.

  1. Choose the Target Product (NSa 2700 in this example) from the Select Target Product list.

  1. Assign interfaces on the target firewall. Map your existing interfaces to the preferred interfaces on NSa 2700. Click Next.

  1. Select the target firmware version for the new settings file - In this example: 7.0.1. Select File to Export as SonicWall (EXP format). Save the file on your local machine.
    1. TIP: Under Advanced section: Drop default access rules from source device and Drop default Nat policy from source device can be selected in order to only migrate custom access rule and Nat policy from source exp file.

  1. Register the Gen 7 firewall, download the new firmware and upgrade the firmware.

  1. Upload the newly created settings file into your NSa 2700.
    TIP: It is recommended to factory default the NSa 2700 before importing the configuration file (not required if the device is out of the box).
  2. Check DNS settings (configure manually if necessary).
  3. Reboot the firewall.

Related Articles

  • MSS Managed Firewall Best Practice Configuration
    Read More
  • NDR: Integration Guide
    Read More
  • NDR: Windows Server Agent
    Read More

Categories

Managed Security Services
Firewall Monitoring and Management
Firewall Configuration and Best Practice
not finding your answers?
Ask the Community