We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Firmware Version Is End-Of-Support

As of December 1st, 2018, all new sales for Barracuda NextGen Firewall X Series products have ceased. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time. December 1st 2019: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until the End of Live definition as described in the End of Support and End of Life Information.

How to migrate an X-Series Firewall Configuration to a CloudGen Firewall

  • Last updated on

X-Series to CloudGen Migration

You can migrate the configuration from an X-Series Firewall to a CloudGen Firewall. However, before migrating, you must verify that certain conditions are met. You can only migrate an X-Series Firewall model with a firmware version greater than or equal to 7.1.3 to a target CloudGen Firewall model with a firmware version greater than or equal to 7.2.1. The following table shows which X-Series models can be migrated to a special CloudGen Firewall model.

X-Series Firewall Model CloudGen Firewall Model
X50



F80 Rev. A

X51
X100
X101
X200


F180 Rev. A

X201
X300 F280 Rev. B
X400 F380 Rev. A
X600 F400 Rev. B

Only migrate an X-Series Firewall to a CloudGen Firewall with a factory default configuration. For more information, see  How to Reset a Hardware F-Series Firewall to Factory Defaults.

Migration of Information from the X-Series to the CloudGen Firewall

The following information WILL NOT BE imported into the CloudGen Firewall:

Information

Comment
Management IP configuration

To avoid conflicting management IP addresses on the X-Series and CloudGen Firewalls, the management IP address will not be migrated to the CloudGen Firewall.

Bridging For security reasons, bridging configuration is not migrated to the CloudGen Firewall.
Authoritative DNS Authoritative DNS is not available on CloudGen Firewalls with the Web UI.
Backups Creating backups on an X-Series Firewall provides completely different options than on a CloudGen Firewall.
Logs No log files from an X-Series Firewall are migrated to a CloudGen Firewall.
System serial / licenses The target system has its own serial number / licenses.
Access Rules
  • All access rules with "Redirect to Service Details" set to "Proxy".
  • All access rules with "Redirect to Service Details" set to "DNS".
User credentials

The password will be the default one on the new CloudGen Firewall. Also note that the user name is different by default:

  • X-Series is "admin"
  • CloudGen is "root"

The following information WILL BE updated during migration to the CloudGen Firewall:

Information

Comment
Interface Groups Only custom configured interface groups will be transferred to the CloudGen firewall.
Predefined interface group configurations will be omitted.
Network objects
  • Custom and predefined network objects are imported into a common table on the CloudGen firewall.
  • 3G is renamed to WWAN.
Service objects
  • Predefined service objects are not imported on the CloudGen firewall.
  • Custom service objects are imported into a common table on the CloudGen firewall. Both custom AND predefined service objects are editable on the CloudGen firewall.

The following port numbers are changed:

  • ENDPOINTMAPPER: port changed from TCP 113 to TCP 135 UDP 135
  • RDP: TCP 3389 to TCP 3389 UDP 3389
  • SMTPS: TCP 587 to TCP 465 587
Connection objects

Connection objects are renamed:

  • Dynamic SNAT is renamed to Dynamic NAT.
  • No SNAT is renamed to Original Source IP.

Client-to-Site VPN Settings

To authenticate a VPN tunnel on the X-Series Firewall, you can select one of three options in the section IPSEC SETTINGS. Note that because the option Shared Key is not present on the CloudGen Firewall, the option Shared Key or Client Certificate is set in case Shared Key was previously set on the X-Series Firewall.
cg_vpn_shared_key_or_client_certificate.png

Step 1. Create a Configuration Backup of Your X-Series Firewall

  1. Log into your X-Series Firewall.
  2. Go to ADVANCED > Backups.
  3. In the MANUAL BACKUPS section, click Backup Now.
    xs_create_backup.png
  4. Depending on the specific settings of your browser, the file will be saved to your computer.

Step 2. Restore the Configuration Backup to Your CloudGen Firewall

  1. Log into your CloudGen Firewall.
  2. Go to ADVANCED > Backups.
  3. Click in the address bar of your browser and append &expert=1 to the current URL.
    enable_expert_mode_00.png
  4. The firewall will reload the page in expert mode, which adds additional configuration fields and is indicated by the highlighted menu bar item Expert Variables.
    cg_now_in_expert_mode.png
  5. In MIGRATE FROM X-SERIES FIREWALL, click Restore from X-Series BAK file.
    cg_restore_from_xs_bak.png
  6. In the Restore from X-Series BAK file window, read the information.
  7. If it is safe for you to do so, click Select X-Series BAK file.
    cg_restore_from_xs_bak_notification.png
  8. In the file selection window, select the backup file to restore from.
  9. The firewall loads the configuration data from the backup file and restarts with the new configuration setup.
  10. The firewall shows a window indicating that migration is in progress.
    migrating x-series.png
  11. Log into the CloudGen Firewall.
  12. To re-activate the network configuration changes, click click here inside of the info box.
    cg_reactive_network_changes.png
  13. After the network re-activation is complete, your CloudGen Firewall will display the current firmware version number.

Scroll to the bottom of the web page and verify that the migrated version is the same as on your X-Series Firewall, e.g.:
cg_version_after_migration.png

Step 3. (optional) Make Final Configuration Changes to Your New CloudGen Firewall

You now have two firewalls running with different management IP addresses and different box level configurations. Because some configurations were not migrated, you can now decide whether to reconfigure them manually on the CloudGen Firewall.

If you want to replace your X-Series Firewall, reconfigure the CloudGen Firewall with the management IP address of your X-Series Firewall and power off the X-Series Firewall.

Last updated on