  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2497
  • Last Modified:

Migrating Settings to Sonicwall NSA 3500 using CLI

I have an assignment to migrate settings from an old Juniper SSG140 firewall to a brand new Sonicwall HSA3500. I was given the configuration file in the form of a .TXT file. It has almost 1000 lines of code (commands). I don't want to have to sit for hours typing these commands into the Sonicwall (assuming the syntax and language are the same -- are they?). I know I can copy and paste from the TXT file to a hyperterminal window, but will this work and how many lines will I be able to copy and paste at a time? Is there a better way to handle this, like some conversion utility?
0
PCGenieLA
1 Solution
 
digitap Commented:
the sonicwall is configurable via the command line, but not in the sense you're looking for.  the primary interface is the web console.

here is a sonicwall KB on the cli:

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6180

0
 
PCGenieLA Author Commented:
So this means I have to interpret the TXT file commands and then use the web console to enter the Sonicwall equivalents?
0
 
digitap Commented:
yes.  i can help with that if you like.
0
 
PCGenieLA Author Commented:
That would be a big help. I have the TXT file, if you want to see it.
0
 
digitap Commented:
you may want to sanitize it for security before you post it here.  i have alternate methods in my profile...if you wish.
0
 
PCGenieLA Author Commented:
It's a small file. I can send it to you directly. LMK where.
0
 
digitap Commented:
check my EE profile...the particulars are there.
0
 
PCGenieLA Author Commented:
I just sent it to you.
0
 
PCGenieLA Author Commented:
I have just posted a sanitized version of the configuration file from the Juniper SSG140
bm01-fw01-sanitized.txt
0
 
digitap Commented:
cool...give me some time to decipher and we'll get started...unless someone else jumps in, of course!
0
 
PCGenieLA Author Commented:
Ready when you are, CB.
0
 
digitap Commented:
ok...i see 688.225.17.226 and 2066.40.220.135.  which is your primary WAN IP and what's the other one do?

i also see that you are NAT'ing in RDP to several user workstations and servers.  i'd recommend getting those users on a VPN, then you don't have to mess with setting up the NAT/firewall rules.  I'd enable the ssl-vpn interface on the sonicwall.  it uses a clientless client, Netextender.  here's a KB on how to set that up.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6461

i see you are auth via RADIUS, is that correct?  the sonicwall can use LDAP, but let's establish what you're doing with RADIUS first.

i also see that you have an exchange server.  what i'd recommend here is to setup a service group for all the ports (sonicwall calls ports services) used by the Exchange server.  then, run the public server wizard selecting the service group instead of an individual service object.  the public server wizard will create the WAN > LAN firewall rules and three NAT policies; ingress, egress and loopback.  here's a KB on the public server wizard.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7027

i think that's enough for now.
0
 
PCGenieLA Author Commented:
This is all great stuff, but I have a problem with this approach. I have to travel to the site to do this job. So, if possible, I'd like to do as much of the configuration as possible before. If there is a way to write all this today and then upload a file to the Sonicwall, that would save trips and time. Also, changing the configuration (ie Radius vs LDAP) is something to consider later, after I get this thing up and running. I want to interfere with operations as little as possible.
0
 
digitap Commented:
i understand.  so, do you have the sonicwall with you?  i still need the details fleshed out in my query above, http:#a34944901.

the only way to "upload" configuration settings within a sonicwall is to setup the sonicwall and export the settings as a backup.  sonicwall does not provide a method for setting up the hardware offline and uploading those settings at a later time.
0
 
PCGenieLA Author Commented:
I don't have the Sonicwall with me, but since the Sonicwall is brand new out of the box, is there a way to backup/export its settings ( factory default setting) and rewrite the file (EXP format, right?) and then import it?
0
 
digitap Commented:
you can export the settings as an export file (EXP) or as a backup as part of the existing firmware.  however, there isn't a way currently provided by sonicwall to edit the settings of either file and reimport it back to the sonicwall.
0
 
PCGenieLA Author Commented:
OK, I'll just bite the bullet, use the web interface and hopefully understand all the elements of each section (ie. services, groups, interfaces, etc.)  But I'm not going to put the sonicwall online until I've done all the configuring and remote administration is good to go. Hopefully, I don't have to have it plugged all in to do so. I'll also look at the white papers you mentioned above.
Finally, do you see any show stoppers in the present setup? I should know about those now.
0
 
digitap Commented:
you can setup the sonicwall without replacing the existing unit.  however and obviously, you'll not know for sure until you replace it.

not really.  i'll dig up some more KBs on things that i think you'll need as i look through your TXT file.  keep the question open so you can ask questions during the setup.

there isn't any reason why this should be a PIA to setup.  i think you'll find it pretty easy....minus the offline config of the files, of course...>GRIN<!
0
 
PCGenieLA Author Commented:
Well, I'm on the way to set this thing up this morning. A question has occurred to me. In the TXT file numerous passwords (including the admin logon) are defined by long alphanumeric strings, which I can assume are encryptions of normal passwords. In setting up the NSA, do I copy and paste those passwords from the TXT file to the NSA or is there another way to handle migrating passwords?
0
 
digitap Commented:
you won't be able to migrate the passwords.  you'll want to just create new ones.  i assume the users in the TXT were in the juniper's local database.  you can setup users in the sonicwall's local database or use RADIUS.  my guess is VPN auth was once handled by the juniper and moved to RADIUS auth...just a guess though.
0
Question has a verified solution.
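
Added example, not part of the thread or any participant's post: a Python sketch of sanitizing a firewall config export before sharing it, which also counts `set` lines per object type as a checklist for manual re-entry in the web console. The sample lines are constructed in the general shape of ScreenOS `set` commands, and the keyword list and `PUBLIC-IP-n` labels are assumptions of this example.

```python
import ipaddress
import re
import shlex
from collections import Counter

# Constructed sample in the general shape of ScreenOS "set" lines; not the thread's file.
SAMPLE = '''\
set admin password "nEXAMPLEHASHxxxxxxxxxxxxxxxxxx"
set user "jdoe" password "EXAMPLEHASHyyyyyyyy"
set auth-server "radius1" radius secret "EXAMPLESECRET=="
set interface ethernet0/2 ip 203.0.113.10/29
set interface ethernet0/0 ip 192.168.1.1/24
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389
set policy id 12 from "Untrust" to "Trust" "Any" "MIP(203.0.113.11)" "RDP" permit log
'''

SECRET_KEYWORDS = {"password", "secret", "preshare"}  # assumed keyword list
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def sanitize(config_text):
    """Return (sanitized_text, count of set-lines per object type, secrets redacted)."""
    aliases, kinds, secrets, out = {}, Counter(), 0, []

    def mask_ip(match):
        try:
            ip = ipaddress.ip_address(match.group())
        except ValueError:
            return match.group()  # not a valid address, leave untouched
        if any(ip in net for net in RFC1918) or match.group().startswith(("255.", "0.")):
            return match.group()  # internal address or netmask stays readable
        # The same public address always gets the same label, so rules still line up.
        return aliases.setdefault(match.group(), f"PUBLIC-IP-{len(aliases) + 1}")

    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "set":
            out.append(line)
            continue
        kinds[tokens[1]] += 1
        for i, tok in enumerate(tokens[:-1]):
            if tok in SECRET_KEYWORDS:  # the value after the keyword is a hash or secret
                line = line.replace(tokens[i + 1], "<REDACTED>")
                secrets += 1
        out.append(IPV4.sub(mask_ip, line))
    return "\n".join(out), kinds, secrets
```

Review the output by eye before posting; hostnames, usernames and SNMP community strings are not covered by this sketch.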