X-Series to CloudGen Migration
You can migrate the configuration from an X-Series Firewall to a CloudGen Firewall. However, before migrating, you must verify that certain conditions are met. You can only migrate an X-Series Firewall model with a firmware version greater than or equal to 7.1.3 to a target CloudGen Firewall model with a firmware version greater than or equal to 7.2.1. The following table shows which X-Series models can be migrated to a special CloudGen Firewall model.
|NGX Model||NICs||WIFI||NGF Model||NICs||WIFI||Comments|
|X50||4||-||F18a||4||-||F18 has 4 GB RAM and 50 GB (or higher) SSD storage.|
|X51||4||Yes||F80||4||Yes||F80 has 4 GB RAM and 50 GB (or higher) SSD storage.|
|X100||4||-||F18a||4||Yes||F18 has 4 GB RAM and 50 GB (or higher) SSD storage.|
|X101||4||Yes||F80||4||Yes||F80 has 4 GB RAM and 50 GB (or higher) SSD storage.|
|X200||4||-||F18a or F180||6 + Switch(8x)||Yes|
F18 has 4 GB RAM and 50 GB (or higher) SSD storage. F180 is larger, has more ports (+2) and has an 8-port unmanaged switch (8x).
|X201||4||Yes||F180||6 + Switch(8x)||Yes||F180 is larger, has more ports (+2) and has an 8-port unmanaged switch (8x).|
|X300||6||-||F280||6 + Switch(8x)||Yes||F280 additional has the switch (8x)|
|X600||8||-||F400||8||-||F400 is the largest model that supports Web-UI.|
F600.C10 does not have a Web-UI.
Migration of Information from the X-Series to the CloudGen Firewall
Note: The following information will NOT be imported into the CloudGen Firewall:
|Management IP configuration|
To avoid conflicting management IP addresses on the X-Series and CloudGen Firewalls, the management IP address will not be migrated to the CloudGen Firewall.
|Bridging||For security reasons, bridging configuration is not migrated to the CloudGen Firewall.|
|Authoritative DNS||Authoritative DNS is not available on CloudGen Firewalls with the Web UI.|
|Backups||Creating backups on an X-Series Firewall provides completely different options than on a CloudGen Firewall.|
|Logs||No log files from an X-Series Firewall are migrated to a CloudGen Firewall.|
|System serial / licenses||The target system has its own serial number / licenses.|
The password will be the default one on the new CloudGen Firewall. Also note that the user name is different by default:
Note: The following information WILL be updated during migration to the CloudGen Firewall:
|Interface Groups||Only custom configured interface groups will be transferred to the CloudGen firewall.|
Predefined interface group configurations will be omitted.
The following port numbers are changed:
Connection objects are renamed:
Client-to-Site VPN Settings
To authenticate a VPN tunnel on the X-Series Firewall, you can select one of three options in the section IPSEC SETTINGS. Note that because the option Shared Key is not present on the CloudGen Firewall, the option Shared Key or Client Certificate is set in case Shared Key was previously set on the X-Series Firewall.
Step 1. Create a Configuration Backup of Your X-Series Firewall
- Log into your X-Series Firewall.
- Go to ADVANCED > Backups.
- In the MANUAL BACKUPS section, click Backup Now.
- Depending on the specific settings of your browser, the file will be saved to your computer.
Step 2. Restore the Configuration Backup to Your CloudGen Firewall
- Log into your CloudGen Firewall.
- Go to ADVANCED > Backups.
- Click in the address bar of your browser and append
&expert=1to the current URL.
- The firewall will reload the page in expert mode, which adds additional configuration fields and is indicated by the highlighted menu bar item Expert Variables.
- In MIGRATE FROM X-SERIES FIREWALL, click Restore from X-Series BAK file.
- In the Restore from X-Series BAK file window, read the information.
- If it is safe for you to do so, click Select X-Series BAK file.
- In the file selection window, select the backup file to restore from.
- The firewall loads the configuration data from the backup file and restarts with the new configuration setup.
- The firewall shows a window indicating that migration is in progress.
- Log into the CloudGen Firewall.
- To re-activate the network configuration changes, click click here inside of the info box.
- After the network re-activation is complete, your CloudGen Firewall will display the current firmware version number.
Scroll to the bottom of the web page and verify that the migrated version is the same as on your X-Series Firewall, e.g.:
Step 3. (optional) Make Final Configuration Changes to Your New CloudGen Firewall
You now have two firewalls running with different management IP addresses and different box level configurations. Because some configurations were not migrated, you can now decide whether to reconfigure them manually on the CloudGen Firewall.
If you want to replace your X-Series Firewall, reconfigure the CloudGen Firewall with the management IP address of your X-Series Firewall and power off the X-Series Firewall.