Merge to FW into 1



  • Hi

    We have 2 sites, and 1 of those sites will be decommissioned at the end of the month.

    Each of the sites have there own SSG, now what the plan is to merge the config from the sites into 1 FW.

    Do you know the best way to do this?

    Thanks



  • Hi Silver,

    The only thing i can say is ‘think and plan’.

    If one site is decommisioned, why would you want it’s complete config on the ssg that remains?
    You might want address objects and services etc, but also it’s routing, interface addressing ?

    What traffic do you think might fail when the site is decomissioned?
    It sounds like the 2b decomissioned site is moving, but not going away 🙂

    perhaps explain a bit more what is happening ….



  • Ok

    You can either copy the Policies from command line from FW2 and paste them to FW1. If both the FW2 and FW1 have the same Zone nomenclature OR

    You can create new policies on you own.



  • Hi

    FW1: ScreenOS 6.1.0r4.0
    FW2: ScreenOS 6.0.0r4.0

    It looks like config from FW2 will be moved over to FW1.

    In this case would it just be having to add new policies onto FW1?



  • If both the firewalls are of the same model and on the same ScreenOS then you can import/merge the policies together.

    You need to take care of Admin username/password, Zones, naming conventions etc.

    Need to do loads of planning before going forward, as both the sites are seperated from each other.



  • Also we want to import the policies from 1 FW onto the other, to ensure people can still access resources.

    Thanks


 

20
Online

38.4k
Users

12.7k
Topics

44.5k
Posts