Solved

Migrating from Cisco ASA to Sonicwall NS2400

Posted on 2013-11-25
  • Hardware Firewalls
  • Cisco
  • Networking
  • Network Management
  • Network Security
Last Modified: 2016-12-04
Hello, I want to migrate settings from a Cisco ASA firewall to a Sonicwall NS2400. I have a text dump of all the ASA settings (address objects, rules, etc). Is there an easy way to import them into the NS2400? Obviously I don't want to have to do them one-by-one through the GUI. Thanks!
Question by:criskrit
9 Comments
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39676579
0
 

Author Comment

by:criskrit
ID: 39676690
WOW!!!!!! This tool rocks!!!

Next question: is there a "complete idiot's guide" to Sonicwall CLI? I have never used it before.

thanks!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39676936
It's nothing terrific...I'll just preface it that way to prepare you. Between the <your.public.IP>/diag.html and the GUI you will be able to configure whatever you need. I'd avoid it personally but here you are :)

Here is how to login via CLI:

SonicWALL UTM appliances provide support for command line interface (CLI) commands to monitor and manage the device. Note that only one session at a time can configure the SonicWALL, whether the session is on the GUI or the CLI (serial console). For instance, if a CLI session goes to the config level, it will ask you if you want to preempt an administrator who is at config level in the GUI or CLI session.

Alert: The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password.

Deployment Steps:
Step 1: Initiating a Management Session using the CLI
Step 2: Logging in to the SonicOS CLI
Caveats:
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

Step 1: Initiating a Management Session using the CLI
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.  
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance (For example: Windows HyperTerminal, which is built into the Windows XP OS).  SonicWALL UTM Support recommends a freeware program called Teraterm Pro, which has been found to be stable and better at capturing output from CLI sessions.  You can download this program from Ayera.com's download page (http://www.ayera.com/teraterm/download.cfm), which requires a name and email address.
Use these settings:
115,200 baud (9600 for TZ170)
8 data bits
no parity
1 stop bit
no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.
Step 2: Logging in to the SonicOS CLI
When the connection is established, log in to the security appliance:
1. At the User: prompt enter the Admin’s username. Only the admin user will be able to login from the CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin’s password. If an invalid or mismatched username or password is entered, the CLI prompt will return to User:, and a “CLI administrator login denied due to bad credentials” error message will be logged. There is no lockout facility on the CLI.

Here is how to configure GUI via CLI:

This is an attempt to cover all CLI commands related to web management on the SonicWALL UTM appliance. In this scenario I've used an NSA 240 appliance for demonstration purposes for these commands.

Caution: Most of the CLI commands are case-sensitive hence upper case characters are marked in underline & bold.

NOTE: You may use the show web-management command to verify the other commands thereafter.

Deployment Steps:
 
Command 1 - Display the Web-Management status and configuration.
show web-management


OUTPUT
NSA 240> show web-management                           

http per-interface status:                          
  X0:   enabled               
  X1:   enabled               
  X2:   disabled                
  X3:   disabled
  X4:   disabled
  X5:   disabled
  X6:   disabled
  X7:   disabled
  X8:   disabled
  M0:   disabled

http port:      80

https per-interface status:
  X0:   enabled
  X1:   enabled
  X2:   disabled
  X3:   disabled
  X4:   disabled
  X5:   disabled
  X6:   disabled
  X7:   disabled
  X8:   disabled
  M0:   enabled

https port:     443

NSA 240> logout (This command will logout of CLI)


Command 2 - Enables/disables HTTP web management.
In this example you can enable HTTP management on the X2 interface. To make changes to the appliance, you first have to enter Configure Mode by entering the “configure” command.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>


OUTPUT
NSA 240> configure
(config[NSA 240])> web-management http enable X2
(config[NSA 240])>end
NSA 240>


Command 3 - Assigns the HTTP web management port or reset to default.
Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>


OUTPUT
Example 1:

NSA 240> configure
(config[NSA 240])> web-management http port 8080
(config[NSA 240])> end
NSA 240>


Example 2:

NSA 240> configure
(config[NSA 240])> web-management http port default
(config[NSA 240])> end
NSA 240>


Command 4 - Enables/disables HTTPS web management.
In this example we will be enabling HTTPS management on the X2 interface. To make changes to an interface, you first have to enter Configure Mode by entering the “configure” command.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>


OUTPUT
NSA 240> configure
(config[NSA 240])> web-management https enable X2
(config[NSA 240])>end
NSA 240>


Command 5 - Assigns the HTTPS web management port or resets to default.
web-management https port <tcp port or 'default'>


OUTPUT
Example 1:

NSA 240> configure
(config[NSA 240])> web-management https port 4443
(config[NSA 240])> end
NSA 240> 

Example 2:

NSA 240> configure
(config[NSA 240])> web-management https port default
(config[NSA 240])> end
NSA 240>


Command 6 - Restores default web-management port and interface assignments.
web-management restore


OUTPUT
NSA 240>
NSA 240> configure
(config[NSA 240])> web-management restore

http enabled on 1 interface.
http disabled on 9 interfaces.
https enabled on 1 interface.
https disabled on 9 interfaces.

(config[NSA 240])>end
NSA 240>


Caveats:
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

Attached is the complete CLI Guide for SonicWALL.

Hope that helps...you got two for one too!
SonicWALL-SonicOS-CLI-Guide.pdf
1
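An audit of the `show web-management` output quoted in the answer above, as an added example that is not part of the original post or of SonicWALL's tooling: it parses the per-interface status and flags cleartext HTTP management and any management service on an untrusted interface. The sample text is constructed from the output format shown, and treating X1 as the WAN-facing interface is an assumption.

```python
import re

# Constructed sample, abbreviated from the `show web-management` format quoted above.
SAMPLE_OUTPUT = """\
NSA 240> show web-management
http per-interface status:
  X0:   enabled
  X1:   enabled
  X2:   disabled
  M0:   disabled
http port:      80
https per-interface status:
  X0:   enabled
  X1:   enabled
  X2:   disabled
  M0:   enabled
https port:     443
"""

SECTION_RE = re.compile(r"^(https?) per-interface status:\s*$")
IFACE_RE = re.compile(r"^\s+(\w+):\s+(enabled|disabled)\s*$")
PORT_RE = re.compile(r"^(https?) port:\s+(\d+)\s*$")

def parse_web_management(text):
    """Return {'http': {'port': int|None, 'interfaces': {name: bool}}, 'https': {...}}."""
    state = {p: {"port": None, "interfaces": {}} for p in ("http", "https")}
    current = None  # protocol whose per-interface list is being read
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            current = m.group(1)
        elif m := PORT_RE.match(line):
            state[m.group(1)]["port"] = int(m.group(2))
            current = None
        elif (m := IFACE_RE.match(line)) and current:
            state[current]["interfaces"][m.group(1)] = m.group(2) == "enabled"
    return state

# Assumption: X1 is the WAN-facing (untrusted) interface; adjust to your own zones.
def audit(state, untrusted=("X1",)):
    """Flag cleartext HTTP management, and any management on an untrusted interface."""
    findings = []
    for proto in ("http", "https"):
        for iface, enabled in state[proto]["interfaces"].items():
            if not enabled:
                continue
            if iface in untrusted:
                findings.append((iface, proto, "management exposed on untrusted interface"))
            elif proto == "http":
                findings.append((iface, proto, "cleartext management; prefer https"))
    return findings
```

Paste a captured session into `parse_web_management()` and pass the result to `audit()`; each finding is an `(interface, protocol, reason)` tuple.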
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39677864
You can also ssh over port 22. Default LAN is x0
Default ip is 192.168.168.168
https://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=598
0

 

Author Comment

by:criskrit
ID: 39678178
You are amazing! Thanks, I will look into these and open a new question if necessary. :-)
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39678713
You're welcome - my pleasure! Thanks for the points!
0
 

Expert Comment

by:FlatheadIT
ID: 41381534
I noticed that this tool only performs PIX firewall support - what about ASA55...x series firewalls?  Also, I noticed that VPN settings are not supported - will this be coming soon?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 41911885
It supports the following, which includes ASA; although the ASA models are not noted, it worked for the OP:

Cisco PIX/ASA - PIX 4.x, PIX 5.x, PIX 6.x, PIX 7.x, PIX 8.x
Check Point - Smart Center, Provider-1 (excluding VPN-1 Edge, Safe@Office, SMP) with OS NG FP1 (4.0)
Juniper - NetScreen Series, SRX Series, SSG Series
Palo Alto - PA-200, PA-500, PA-2000, PA-3000, PA-4000, PA-5000 Series
Fortinet - FortiGate Firewall Platform
Watchguard - FireBox, XTM Series
Sonicwall - TZ, NSA, SuperMassive
0
 
LVL 2

Expert Comment

by:Peter Wilson
ID: 41912307
Thanks for providing this tool. Very helpful!
0
