SonicWall NSA3500 to NSA3600 upgrade problem

I am in the process of replacing a SonicWall NSA3500 with an NSA3600. I have exported the settings from the NSA3500 and imported them into the NSA3600. All interface settings, access rules, address objects, etc. seem to have transferred correctly.

My local LAN has a number of subnets and VLANs. When I connect the new firewall, the only subnet that can reach the Internet is 10.1.x.x. This of course worked properly with the NSA3500. All subnets are in an address group which has an access rule to reach the public Internet.

Does the new firewall OS handle access rules differently, or is there some issue with importing settings from an older version? I've got a few hundred address objects and access rules that I would hate to have to enter from scratch.
 
NSA3500 firmware: SonicOS Enhanced 5.8.0.3-40o
NSA3600 firmware: SonicOS Enhanced 6.1.1.4-12n

network overview
johnbelanger Asked:

Aaron Tomosky (SD-WAN Simplified) Commented:
Silly question: same port on the switch as the 3500?
0
carlmd Commented:
Have you checked the logs on the NSA3600 for any error messages?

Depending upon the switch, it may be a good idea to power cycle those in the VLAN paths so that they see the new MAC address of the SonicWall.
0

Blue Street Tech (Last Knight) Commented:
Hi johnbelanger,

Your Preferences migration is supported: https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=6974.

Keep in mind: In order to migrate Preferences properly you need to have the same SonicOS version or prior. Booting an older version of SonicOS Standard or Enhanced firmware with a preferences file created from the latest firmware version is not supported, and may cause subsequent configuration problems.

If you have two computers, plug a computer into the LAN of the NSA 3500 and log in to verify settings in a side-by-side manner with the NSA 3600 and compare the config details.

If you don't have access as described above, print out the TSR (Technical Support Report), which should serve as a guide to compare with the NSA 3600.

Follow these steps to save a copy of a TSR.

Content Security Manager (CSM), SonicOS Enhanced or SonicOS Standard:

1. Select System > Diagnostics.
2. Under Technical Support Report, check all of the boxes labeled VPN Keys, ARP Cache, DHCP Bindings or IKE Info.
3. Click the button labeled "This will save a special file to your local disk. This file can be emailed to SonicWALL technical support to help us assist you with your problem".
4. Press OK to accept the warning message: You are about to export sensitive information in plaintext format. Continue?
5. Follow your browser's security prompts and select the file's location on your computer to start the download process.

Firmware 6.x:

1. Select Tools > Diagnostics.
2. Select the Tech Support Report diagnostic tool.
3. Check all of the boxes labeled VPN Keys, ARP Cache, DHCP Bindings or IKE Info.
4. Click the Save button.
5. Press OK to accept the warning message: You are about to export sensitive information in plaintext format. Continue?
6. Follow your browser's security prompts and select the file's location on your computer to start the download process.

Let me know how it goes!
0

carlmd Commented:
According to the Sonicwall Upgrade Guide importing from 5.8.1.1 to 6.1.1 is supported.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=581

So that is not your problem.  The first thing I would try is powering off switches as above, then get back to us.
0
Blue Street Tech (Last Knight) Commented:
Yeah, that is what I said about the upgrade (http:#a39545951) - hope my verbiage wasn't confusing - I wanted to make @johnbelanger aware of the firmware policy migration standards if it came to that! I agree with @carlmd, to power cycle as a first step as he set forth here: http:#a39545755.
0
johnbelanger (Author) Commented:
Thanks for the suggestions.

Yes, it is in the same port on the switch. I took the same cable from the 3500 and plugged it into the 3600.

No errors on the 3600. I did verify the ARP table on the Cisco 3750 had the correct MAC address, but I didn't try rebooting it or clearing out the table.

I spent a day or so comparing the settings of the two units side-by-side, so I'm 95% confident the configs are identical, but I will export the TSRs; it may be easier to compare that way.

At this point it looks like powering off the switches may be the best bet, which will have to be a late night weekend project. I'll report back on Monday how it went.
0
Blue Street Tech (Last Knight) Commented:
Sounds good! Keep us posted.
0
johnbelanger (Author) Commented:
Didn't have the opportunity to shut down the network last weekend, so am shooting for this weekend.
0
Blue Street Tech (Last Knight) Commented:
OK thanks for the update.
0
johnbelanger (Author) Commented:
Restarting the switches seemed to do the trick.
0
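The switch advice in this thread concerns switches still holding the old firewall's MAC address after the swap. As an added example (not part of the thread or any participant's code), the script below parses Cisco IOS `show ip arp` output and reports which firewall gateway addresses resolve to the new unit's MAC, which still point at another MAC, and which have no complete entry. The sample output, gateway IPs and MAC addresses are constructed assumptions.

```python
import re

# Constructed `show ip arp` sample (not from the thread); RFC 7042 documentation MACs.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.0.1                2   0000.5e00.5336  ARPA   Vlan1
Internet  10.2.0.1              187   0000.5e00.5335  ARPA   Vlan20
Internet  10.3.0.1              201   0000.5e00.5335  ARPA   Vlan30
Internet  10.1.0.50               -   0000.5e00.53aa  ARPA   Vlan1
"""

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA(?:\s+(?P<intf>\S+))?"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """Return {ip: (mac, interface)} for each complete ARP entry."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:  # header and "Incomplete" rows do not match and are skipped
            table[m["ip"]] = (normalize_mac(m["mac"]), m["intf"] or "")
    return table

def check_gateways(arp_text, gateways, new_fw_mac):
    """Classify each firewall gateway IP as ok, stale, or missing."""
    table = parse_arp(arp_text)
    want = normalize_mac(new_fw_mac)
    report = {}
    for ip in gateways:
        if ip not in table:
            report[ip] = "missing"
        elif table[ip][0] == want:
            report[ip] = "ok"
        else:
            report[ip] = f"stale ({table[ip][1]})"
    return report

if __name__ == "__main__":
    gws = ["10.1.0.1", "10.2.0.1", "10.3.0.1", "10.4.0.1"]  # assumed gateway IPs
    print(check_gateways(SAMPLE_ARP, gws, "00:00:5E:00:53:36"))
```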