Easiest way to transfer config between different hardware platforms

  • I just moved from a big, fancy, expensive datacenter in another state to a a local location.  As an interim firewall solution in the new location I used an SG-2440 I already had, but now that I've taken all the old hardware down I'd like to use it in the new location.

    I was using an SG-8860 as a primary with an old Netgate Hamakua configured as failover.  I don't have enough routable IPs in the new location to configure these as they used to be, so what I'm thinking about doing is:

    • Copying the configuration from the SG-2440 to the SG-8860 and Hamakua

    • Using the SG-8860 as my firewall, with the (usually) powered down Hamakua preconfigured so I can use it as a backup by just powering it up.

    Pretty simple.  I'm just wondering if there's a simple way to carry the configuration from the 2440 to the bigger boxes without simply recreating everything from scratch.  I'm certain it's not as simple as uploading a backup to the new machine and making sure the interfaces are configured correctly, but maybe it is…

  • It usually is just that simple.

  • I'm glad to hear that.

    I tried it last night and everything came across cleanly, except a warning that packages were being installed in the background, and I could never get the new firewall to route.

    Soooo, I uninstalled bandwidthd and suricata (the only packages installed), did it again, and the firewall is trying to install packages again, but when I switch the ports over I'm not seeing it route data.  So something's up.

    I'll post here once I figure it out.  So far my ISP says it's not something like a MAC address permissions issue.

  • OK, for future forum searchers who run into this problem, here's the story:

    In my case, the configuration apparently came across cleanly, but traffic wouldn't route to the Internet (DNS lookups and traceroutes failing), DHCP wasn't being serviced on the lan, and OPT3 OPT4 interfaces were blinking with traffic while WAN and LAN traffic was doing a slow, stupid blink.

    It turns out interface igb1 on my SG-8660 is the WAN, and ibg0 is the LAN.  That's a complete surprise to me, and it made the configuration switchover fail as well.

    Once I realized that, everything ran smoothly.  It just took plugging in a LAN port and seeing which port was marked as UP on the Dashboard.

  • Yes, interfaces will usually need to be remapped but I thought you already knew that from your first post.

  • @KOM:

    Yes, interfaces will usually need to be remapped but I thought you already knew that from your first post.

    I did.  It's just that the hardware looked so similar…...  :)

Log in to reply