Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Importing config from the "other" freebsd firewall?

    Installation and Upgrades
    2
    5
    129
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sporkme last edited by

      Hi,

      Is this still an option? I know when I moved from pfsense to opn, with some light editing of the xml file I was able to pull in some of the things that would be time-consuming, like aliases. I'd like to come back to pfsense for awhile to see how things compare, but would like to import as much of the config as I can. What's the current status of this?

      Also what's the countdown on the AES-NI thing? Looks to be at least a year before this is forced, correct? I'm on a perfectly fine Core2Duo SFF Dell that remains healthy and has more than enough CPU for my needs.

      provels 1 Reply Last reply Reply Quote 0
      • provels
        provels @sporkme last edited by

        @sporkme If they were once that similar, I think I'd build a base pfSense and export the config and do a side-by-side. Re. AES-NI that has been skipped for the present in both the current release and development versions.

        1 Reply Last reply Reply Quote 1
        • S
          sporkme last edited by

          Thanks - I'm installing pfsense in a VM with a matching number of ethernet interfaces and then I'll do some diffing of stuff after creating a basic config.

          Great news on the AES-NI thing. Might actually buy new hardware by the time that rolls around.

          S 1 Reply Last reply Reply Quote 0
          • S
            sporkme @sporkme last edited by

            Hmmm, they are diverging, but migrating chunks is possible.

            Here's the opn format for aliases. Of note, it's nested within the firewall section. There is also a UUID attached, but that's simply ignored on input. Also "description" is "descr" and wrapped in CDATA tags, "content" needs to be combined to a single line and changed to "address", and the fields for "update frequency", "counter" and "enabled" can be removed:

            <Firewall>
  <Alias version="1.0.0">
    <aliases>
      <alias uuid="e64c76f3-49bb-4b8c-8f77-440bbe964e61">
                  <enabled>1</enabled>
                  <name>voip</name>
                  <type>host</type>
                  <proto/>
                  <counters>0</counters>
                  <updatefreq/>
                  <content>10.3.2.19
      10.3.2.20
      10.3.2.21
      10.3.2.51</content>
                  <description>voip devices</description>
                </alias>
   </aliases>
  </Alias>
</Firewall>

            And the same after some massaging:

            <aliases>  
<alias uuid="e64c76f3-49bb-4b8c-8f77-440bbe964e61">
	<enabled>1</enabled>
	<name>voip</name>
	<type>host</type>
	<address>10.3.2.19 10.3.2.20 10.3.2.21 10.3.2.51</address>
	<descr><![CDATA[voip devices]]></descr>
  </alias>
</aliases>
            1 Reply Last reply Reply Quote 0
            • S
              sporkme last edited by

              Well, with a small amount of work I was able to grab the most time-consuming stuff for import: IP aliases and DHCP config (including all the reservations). Works great so far.

              Now to continue testing and see if the panics I was seeing on the other firewall are hardware-related or (my suspicion) HardenedBSD-related.

              If I had more time I'd be a true nerd and make a configuration transmogrifier that lets you flip-flop between these two vendors.. :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy