Moving from ASA5512x to PFSense
-
Guys,
I have a pair of Cisco ASA5512x firewalls which go EOL in a few months' time. I decided it's time to move to pfSense 2.6.0 and I'm looking at ways to speed the process along.
First thing - does anyone have any advice based upon their own "been there ... done that" experience they are willing to share?
If not, biggest hurdle I've found so far is the lack of ability to change the firewall config via the CLI. I have around 700 filter rules on the ASA, and I don't want to have to sit at a GUI and type them all in.
To get around this, I've experimented with adding rules by editing XML backup files, then restoring them. That seems to work, but can't help feeling that there must be a better way.
Before I take the next step and try and put together a few lines of Perl to [even halfway] convert ASA rules to XML, thought I'd better check I'm not re-inventing the wheel here ...
Any thoughts and suggestions most gratefully received.
Thanks
ChIP
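The conversion idea from the post above, as an added example (not part of the original post, and not pfSense or Cisco tooling): a Python sketch that turns simple ASA `access-list ... extended` entries into `<rule>` elements and flags everything it cannot translate for manual review. The element names (`type`, `interface`, `ipprotocol`, `protocol`, `source`, `destination`, `address`, `port`, `descr`) are assumptions to check against a backup from your own box; the ACL name, addresses and the `wan` interface are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample ACL (documentation/private addresses), not taken from the thread.
SAMPLE_ACL = """\
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit udp 10.1.0.0 255.255.0.0 host 10.9.9.53 eq 53
access-list outside_in extended permit tcp object-group ADMINS any eq 22
access-list outside_in extended deny ip any any
"""

def take_addr(tag, tok):
    """Consume one ASA address spec from tok and return it as a <source>/<destination> node."""
    node = ET.Element(tag)
    first = tok.pop(0)
    if first in ("any", "any4"):
        ET.SubElement(node, "any")
    elif first == "host":
        ET.SubElement(node, "address").text = str(ipaddress.ip_address(tok.pop(0)))
    else:  # "network mask" pair; names, object-groups and bad masks raise ValueError
        ET.SubElement(node, "address").text = str(ipaddress.ip_network(f"{first}/{tok.pop(0)}"))
    return node

def convert(acl_text, interface):
    """Return (rule elements, ACL lines that need manual conversion)."""
    rules, manual = [], []
    for line in filter(str.strip, acl_text.splitlines()):
        try:
            kw, _name, kind, action, proto, *rest = line.split()
            if (kw, kind) != ("access-list", "extended"):
                raise ValueError("not an extended ACL entry")
            rule = ET.Element("rule")
            ET.SubElement(rule, "type").text = {"permit": "pass", "deny": "block"}[action]
            ET.SubElement(rule, "interface").text = interface
            ET.SubElement(rule, "ipprotocol").text = "inet"
            if proto != "ip":  # ASA "ip" means any protocol: emit no <protocol>
                ET.SubElement(rule, "protocol").text = {"tcp": "tcp", "udp": "udp"}[proto]
            src = take_addr("source", rest)
            dst = take_addr("destination", rest)
            rule.extend((src, dst))
            if rest:  # only a numeric "eq <port>" on the destination is handled
                if len(rest) != 2 or rest[0] != "eq" or not rest[1].isdigit():
                    raise ValueError("unsupported port or option")
                ET.SubElement(dst, "port").text = rest[1]
            ET.SubElement(rule, "descr").text = line  # keep the ASA line for GUI review
            rules.append(rule)
        except (ValueError, KeyError, IndexError):
            manual.append(line)  # never guess: leave it for a human
    return rules, manual
```

Serialize each returned element with `ET.tostring(rule, encoding="unicode")` and paste the result into a copy of the backup, never the only copy; the `manual` list is the set of rules that still has to be entered by hand.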
-
@fartypants said in Moving from ASA5512x to PFSense:
Any thoughts and suggestions most gratefully received.
Hi,
This has been asked by several people in relation to different migrations; I have not yet come across rule converters for pfSense.
The good news is that you only have to do it once and your idea is not bad with xml, but you have to check it anyway, ergo you will definitely check the rule from GUI and once you're there...
-
@fartypants
700 rules sounds a lot. How many VLANs and remote VPNs? How many WAN connections? OSPF? BGP? It may be, that lots of the rules are not needed anymore, pfSense has a lot of automatic rules, which are not needed to configure automatically.
-
That's a smart move!