SOPHOS – What won't work when migrating UTM to XG using the Tool?

If the Migration Tool is used to transfer the UTM configuration to XG, the following things stop working and need to be restored or configured again.

We learn a lot from the log of the whole migration, but this is not in it.

Quote…

More Issues with converting from UTM 9.5 to XG (whatever) and testing on a like 135W device using the Tool as supplied to us as a Partner.

The X509 Certificate is still default on the device when an XG which means lots of stuff does not work. 

Delete all the certs (before) importing users or creating users. What I mean here is under certificates delete all the X509 certs if they came over during the conversion. These are the older certs from the UTM 9.5. When you bring over your domain users they map to the X509 certs. If you build a remote VPN solution for users they get the X509 Cert. This means the Remote VPN solution won't work. Solution: delete users with X509 Certs. Then make sure Default Certificate is completely filled out with your details — Not Sophos Details in the UK. This is found under Certificates -> Certificate Authorities -> default. If it is registered to Sophos in the UK it's not you. Fill it out as your firm and save changes.

  • Then Regenerate the Certificate Authority. 
  • Then regenerate the Appliance Certificate. 
  • Then recreate the users (perhaps your domain attached–re-import etc).

Make sure ANY of the users have a "Per User Certificate" from the newly regenerated CA/Appliance Cert (both need regenerating as I said above).

Make sure the VPN certificate is "ApplianceCertificate" (not the UTM Cert type)

Make sure the HTTPS Scanning Cert is the "Security Appliance SSL CA Cert" and not any other certificate.

Without doing the above on your Converted XG:

  • VPN won't work
  • SSL Scanning won't work
  • 2 form authentication won't work

Also, we converted UTM 9.5 to XG 171MR2. Another gotcha is we used a licensed and synchronized secured device — bad move. Under Synchronized Security -> Clear Registration before modeling or testing. This is very important!!!!!! Otherwise the XG, if you clone it, says it is registered in the backend and does not show in the GUI.

Hope this helps,

