Solved

Migrating from Cisco ASA to Sonicwall NS2400

Posted on 2013-11-25
  • Hardware Firewalls
  • Cisco
  • Networking
  • Network Management
  • Network Security
  • +1
9
3,488 Views
Last Modified: 2016-12-04
Hello, I want to migrate settings from a Cisco ASA firewall to a Sonicwall NS2400. I have a text dump of all the ASA settings (address objects, rules, etc). Is there an easy way to import them into the NS2400? Obviously I don't want to have to do them one-by-one through the GUI. Thanks!
0
Question by:criskrit
9 Comments
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
0
 

Author Comment

by:criskrit
WOW!!!!!! This tool rocks!!!

Next question: is there a "complete idiot's guide" to Sonicwall CLI? I have never used it before.

Thanks!
0
 
LVL 24

Expert Comment

by:diverseit
It's nothing terrific...I'll just preface it that way to prepare you. Between the <your.public.IP>/diag.html and the GUI you will be able to configure whatever you need. I'd avoid it personally but here you are :)

Here is how to login via CLI:

SonicWALL UTM appliances provide support for command line interface (CLI) commands to monitor and manage the device. Note that only one session at a time can configure the SonicWALL, whether the session is on the GUI or the CLI (serial console). For instance, if a CLI session goes to the config level, it will ask you if you want to preempt an administrator who is at config level in the GUI or CLI session.

Alert: The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password.

Deployment Steps:
Step 1: Initiating a Management Session using the CLI
Step 2: Logging in to the SonicOS CLI
Caveats:
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

Step 1: Initiating a Management Session using the CLI
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.  
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance (For example: Windows HyperTerminal, which is built into the Windows XP OS).  SonicWALL UTM Support recommends a freeware program called Teraterm Pro, which has been found to be stable and better at capturing output from CLI sessions.  You can download this program from Ayera.com's download page (http://www.ayera.com/teraterm/download.cfm), which requires a name and email address.
Use these settings:
115,200 baud (9600 for TZ170)
8 data bits
no parity
1 stop bit
no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.
Step 2: Logging in to the SonicOS CLI
When the connection is established, log in to the security appliance:
1. At the User: prompt enter the Admin’s username. Only the admin user will be able to login from the CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin’s password. If an invalid or mismatched username or password is entered, the CLI prompt will return to User:, and a “CLI administrator login denied due to bad credentials” error message will be logged. There is no lockout facility on the CLI.

Here is how to configure GUI via CLI:

This is an attempt to cover all CLI commands related to web management on the SonicWALL UTM appliance. In this scenario I've used an NSA 240 appliance for demonstration purposes for these commands.

Caution: Most of the CLI commands are case-sensitive hence upper case characters are marked in underline & bold.

NOTE: You may use the show web-management command to verify the other commands thereafter.

Deployment Steps:
 
Command 1 - Display the Web-Management status and configuration.
show web-management

OUTPUT
NSA 240> show web-management                           

http per-interface status:                          
  X0:   enabled               
  X1:   enabled               
  X2:   disabled                
  X3:   disabled
  X4:   disabled
  X5:   disabled
  X6:   disabled
  X7:   disabled
  X8:   disabled
  M0:   disabled

http port:      80

https per-interface status:
  X0:   enabled
  X1:   enabled
  X2:   disabled
  X3:   disabled
  X4:   disabled
  X5:   disabled
  X6:   disabled
  X7:   disabled
  X8:   disabled
  M0:   enabled

https port:     443

NSA 240> logout (This command will logout of CLI)


Command 2 - Enables/disables HTTP web management.
In this example you can enable the HTTP management on the X2 interface. To make changes to the appliance, you first have to enter Configure Mode by entering the “configure” command.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>


OUTPUT
NSA 240> configure
(config[NSA 240])> web-management http enable X2
(config[NSA 240])>end
NSA 240>


Command 3 - Assigns the HTTP web management port or resets to default.
Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>


OUTPUT
Example 1:

NSA 240> configure
(config[NSA 240])> web-management http port 8080
(config[NSA 240])> end
NSA 240>


Example 2:

NSA 240> configure
(config[NSA 240])> web-management http port default
(config[NSA 240])> end
NSA 240>


Command 4 - Enables/disables HTTPS web management.
In this example we will be enabling the HTTPS management on the X2 interface. To make changes to an interface, you first have to enter Configure Mode by entering the “configure” command.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>


OUTPUT
NSA 240> configure
(config[NSA 240])> web-management https enable X2
(config[NSA 240])>end
NSA 240>


Command 5 - Assigns the HTTPS web management port or resets to default.
web-management https port <tcp port or 'default'>


OUTPUT
Example 1:

NSA 240> configure
(config[NSA 240])> web-management https port 4443
(config[NSA 240])> end
NSA 240> 

Example 2:

NSA 240> configure
(config[NSA 240])> web-management https port default
(config[NSA 240])> end
NSA 240>


Command 6 - Restores default web-management port and interface assignments.
web-management restore


OUTPUT
NSA 240>
NSA 240> configure
(config[NSA 240])> web-management restore

http enabled on 1 interface.
http disabled on 9 interfaces.
https enabled on 1 interface.
https disabled on 9 interfaces.

(config[NSA 240])>end
NSA 240>


Caveats:
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

Attached is the complete CLI Guide for SonicWALL.

Hope that helps...you got two for one too!
SonicWALL-SonicOS-CLI-Guide.pdf
1
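
An added example (not part of the thread or of SonicWALL's documentation): Python that parses `show web-management` output in the format pasted above and builds the CLI lines, using the `[no] web-management http|https enable` syntax from Commands 2 and 4, to turn off HTTP management wherever it is enabled. The sample text is constructed, and preferring HTTPS over cleartext HTTP for management is this example's assumption.

```python
import re

# Constructed sample in the format above; X2 is shown as after Command 2.
SAMPLE = """\
http per-interface status:
  X0:   enabled
  X2:   enabled
  M0:   disabled

http port:      80

https per-interface status:
  X0:   enabled
  X2:   disabled
  M0:   enabled

https port:     443
"""

SECTION = re.compile(r"^(https?) per-interface status:\s*$")
IFACE = re.compile(r"^\s+(\w+):\s+(enabled|disabled)\s*$")
PORT = re.compile(r"^(https?) port:\s+(\d+)\s*$")

def parse_web_management(text):
    """Return {proto: {"port": int | None, "interfaces": {name: enabled}}}."""
    state = {p: {"port": None, "interfaces": {}} for p in ("http", "https")}
    current = None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current = m.group(1)
        elif m := PORT.match(line):
            state[m.group(1)]["port"], current = int(m.group(2)), None
        elif current and (m := IFACE.match(line)):
            state[current]["interfaces"][m.group(1)] = m.group(2) == "enabled"
    return state

def remediation(state):
    """CLI lines that turn off cleartext HTTP management, enabling HTTPS first
    where it is off so the interface stays manageable."""
    cmds = []
    for iface, http_on in state["http"]["interfaces"].items():
        if http_on:
            if not state["https"]["interfaces"].get(iface, False):
                cmds.append(f"web-management https enable {iface}")
            cmds.append(f"no web-management http enable {iface}")
    return ["configure", *cmds, "end"] if cmds else []

if __name__ == "__main__":
    print("\n".join(remediation(parse_web_management(SAMPLE))))
```

Prompt lines such as `NSA 240> show web-management` in a captured session match none of the patterns and are ignored, so a raw terminal capture can be passed in unchanged.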
 
LVL 38

Expert Comment

by:Aaron Tomosky
You can also SSH over port 22. Default LAN is x0.
Default IP is 192.168.168.168
https://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=598
0
 

Author Comment

by:criskrit
You are amazing! Thanks, I will look into these and open a new question if necessary. :-)
0
 
LVL 24

Expert Comment

by:diverseit
You're welcome - my pleasure! Thanks for the points!
0
 

Expert Comment

by:FlatheadIT
I noticed that this tool only performs PIX firewall support - what about ASA55...x series firewalls?  Also, I noticed that VPN settings are not supported - will this be coming soon?
0
 
LVL 24

Expert Comment

by:diverseit
It supports the following, which includes ASA; although the ASA models are not noted, it worked for the OP:

Cisco PIX/ASA - PIX 4.x, PIX 5.x, PIX 6.x, PIX 7.x, PIX 8.x
Check Point - Smart Center, Provider-1 (excluding VPN-1 Edge, Safe@Office, SMP) with OS NG FP1 (4.0)
Juniper - NetScreen Series, SRX Series, SSG Series
Palo Alto - PA-200, PA-500, PA-2000, PA-3000, PA-4000, PA-5000 Series
Fortinet - FortiGate Firewall Platform
Watchguard - FireBox, XTM Series
Sonicwall - TZ, NSA, SuperMassive
0
 
LVL 2

Expert Comment

by:Peter Wilson
Thanks for providing this tool. Very helpful!
0
