    Moving from ASA5512x to PFSense

      fartypants

      Guys,

      I have a pair of Cisco ASA5512x firewalls which go EOL in a few months' time. I decided it's time to move to pfSense 2.6.0 and I'm looking at ways to speed the process along.

      First thing - does anyone have any advice based upon their own "been there ... done that" experience they are willing to share?

      If not, biggest hurdle I've found so far is the lack of ability to change the firewall config via the CLI. I have around 700 filter rules on the ASA, and I don't want to have to sit at a GUI and type them all in.

      To get around this, I've experimented with adding rules by editing and restoring XML backup files, then restoring. That seems to work, but can't help feeling that there must be a better way.

      Before I take the next step and try and put together a few lines of Perl to [even halfway] convert ASA rules to XML, thought I'd better check I'm not re-inventing the wheel here ...

      Any thoughts and suggestions most gratefully received.

      Thanks

      ChIP
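
A sketch of the ASA-to-XML conversion discussed in this post, written in Python rather than Perl; it is an added example, not code from the thread or from the pfSense project. It handles only simple `extended` ACL lines and returns everything else (object-groups, named ports, logging options) untouched for manual review. Assumptions: the element names follow the rule layout of a pfSense `config.xml` backup and should be checked against an export from your own version; the `wan` interface name, the `OUTSIDE_IN` ACL and the addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample ASA lines (not from the thread); the last one is deliberately unsupported.
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip 198.51.100.0 255.255.255.0 any
access-list OUTSIDE_IN extended permit tcp object-group PARTNERS any eq www
"""
ACTIONS = {"permit": "pass", "deny": "block"}
PROTOS = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "ip": None}  # ASA "ip" = any protocol

def take_endpoint(tokens):
    """Consume one ASA address spec; None means 'any'. Object-groups and names raise ValueError."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return None
    if head == "host":
        return str(ipaddress.IPv4Address(tokens.pop(0)))
    return str(ipaddress.IPv4Network(f"{head}/{tokens.pop(0)}"))  # "<network> <netmask>"

def add_endpoint(rule, tag, address, port=None):
    node = ET.SubElement(rule, tag)
    ET.SubElement(node, "address" if address else "any").text = address
    if port:
        ET.SubElement(node, "port").text = port

def convert(acl_text, interface="wan"):  # -> (<filter> element, lines for manual review)
    root, skipped = ET.Element("filter"), []
    for line in filter(None, map(str.strip, acl_text.splitlines())):
        t = line.split()
        try:
            if t[0] != "access-list" or t[2] != "extended":
                raise ValueError(line)
            action, proto, rest = ACTIONS[t[3]], PROTOS[t[4]], t[5:]
            src, dst = take_endpoint(rest), take_endpoint(rest)
            port = rest[1] if rest else None
            if rest and not (len(rest) == 2 and rest[0] == "eq" and port.isdigit() and proto in ("tcp", "udp")):
                raise ValueError(line)
        except (ValueError, KeyError, IndexError):
            skipped.append(line)  # never guess: a human reviews these
            continue
        rule = ET.SubElement(root, "rule")
        for tag, text in ("type", action), ("interface", interface), ("ipprotocol", "inet"), ("protocol", proto):
            if text is not None:  # assumption: no <protocol> element means any protocol
                ET.SubElement(rule, tag).text = text
        add_endpoint(rule, "source", src)
        add_endpoint(rule, "destination", dst, port)
        ET.SubElement(rule, "descr").text = line  # keep the ASA line for audit
    return root, skipped
```

Before restoring anything, compare the generated `<rule>` elements with a rule created in the GUI and exported from the same pfSense version, and work through the skipped list by hand.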

        DaddyGo @fartypants

        @fartypants said in Moving from ASA5512x to PFSense:

        Any thoughts and suggestions most gratefully received.

        Hi,

        This has been asked by several people in relation to different migrations. I have not yet come across rule converters for pfSense.

        The good news is that you only have to do it once, and your idea is not bad with XML, but you have to check it anyway, ergo you will definitely check the rule from the GUI and once you're there... 😉

        Cats bury it so they can't see it!
        (You know what I mean if you have a cat)

          pete35 @fartypants

          @fartypants
          700 rules sounds like a lot. How many VLANs and remote VPNs? How many WAN connections? OSPF? BGP? It may be that lots of the rules are not needed anymore. pfSense has a lot of automatic rules, which are not needed to configure automatically.


          • jimp moved this topic from Problems Installing or Upgrading pfSense Software
            Mike115

            That's a smart move!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.