Restore config to SG-2100 from dissimilar hw

mrchip

New to Netgate & tested on a decommissioned sophos sg box. Set it up, configured and I love it! I wanted to support the project & bought the SG-2100. Can I just backup the config from the test sophos hardware and restore it into the SG-2100 or do I have to do it manually set up the SG because it's dissimilar hw?

Thanks

SteveITS

@mrchip Netgate will convert the config (for free) to adjust for the switch in the 2100.

https://docs.netgate.com/pfsense/en/latest/backup/restore.html#backup-compatibility:
"Restoring between pfSense CE and pfSense Plus or vice versa may work in many cases, but results depend upon the target hardware and version. For example, restoring to pfSense Plus on hardware with an integrated Ethernet switch may require manual adjustments. Contact Netgate TAC for specific guidance."

rcoleman-netgate

@mrchip Are you accounting for the configuration of the Marvell switch in your 2100?
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/switch-overview.html

JKnott

@mrchip

When I replaced the old computer, with the one described in my sig, all I had to do was copy over config.xml and then adjust the interface assignments to reflect the new device names.

SteveITS

@jknott said in Restore config to SG-2100 from dissimilar hw:

all I had to do was copy over config.xml and then adjust the interface assignments

That's the most common scenario, just choose the interfaces on a restore. The difference is in models with a built in switch.

I suppose if one was adventurous, one could export the 2100 default config and merge the switch part of that config into the "good" config file, but that's what Netgate will do.

Question: does it need to be done the other way? For instance if/when we start replacing 3100s if the replacement doesn't have a switch can we just restore, or will that also require removing the switch config?

stephenw10

Yeah if you have more than two interfaces configured in the Sophos device then you would need some additional switch config in the 2100 to separate the ports. You can open a ticket with us to do it if you need to.

Steve

SteveITS

@stephenw10 said in Restore config to SG-2100 from dissimilar hw:

if you have more than two interfaces configured in the Sophos device then you would need some additional switch config in the 2100 to separate the ports

To potentially save some future communication to Netgate support, are you saying that if there are only two interfaces in use, then there's no need to worry about the switch config, and one can just restore and assign WAN and LAN?

stephenw10

@steveits Yes, exactly. You can simply assign WAN and LAN as mvneta0 and mvneta1 and the default switch config will be added giving you LAN on all 4 ports.

Steve

mrchip

Thanks for your help everyone. I had only two interfaces configured (wan1 and lan1) even though the sophos device had 4 physical lans only one was needed. I backed up the Community Edition that was originally installed & configured onto the sophos. I then booted up the Netgate SG-2100 and did a restore through the menu options in the web config. Everything worked for me. I think I might have had to name and/or assign the eth ports. For not being familiar with the product and concerned if help would be available when I needed it this went well for me. I hope it helps anyone in the future who is contemplating a change from the Community edition to the netgate hardware.

Thanks again everyone