UTM Migration Portal Guide - Sophos
UTM Migration Portal Guide Document Date: January 2017 January 2017 Page 1 of 21
UTM Migration Portal Guide Contents Preface .3 How to use the Migration Portal .5 Steps to use the Migration Portal .6 Next Steps.16 Appendix A – List of UTM models that support SFOS .17 Appendix B – List of Sophos UTM Versions that are supported on migration portal .17 Appendix C – List of Sophos UTM Modules that are migrated .17 Appendix D – List of General Behavior .19 Appendix E – Downloading UTM Configuration .20 January 2017 Page 2 of 21
UTM Migration Portal Guide Preface Welcome to UTM Migration portal guide. UTM Migration Portal enables Sophos UTM customers to convert their UTM configuration to SFOS compatible configuration. This guide enables you to: Prepare for migrating your UTM to SFOS Know what gets migrated and what does not get migrated Understand how to use the migration portal Points to note before you begin: a) How to migrate your UTM to SFOS: a. Take configuration backup of your UTM appliance. b. Login to the migration portal and initiate a new migration by uploading your UTM configuration backup on the migration portal. c. Follow the steps to convert your UTM configuration to a SFOS compatible configuration. d. Reimage your UTM box to SFOS v16 (or higher version) using USB drive. e. Once your device boots with SFOS, you have 2 options: i. Evaluate SFOS for 30 days by selecting 30 Day Full Guard Trial option ii. Permanently migrate to SFOS by uploading your UTM license file f. Once the box boots up with SFOS, upload your converted SFOS configuration file on your appliance. b) Prepare for migration: a. Check if your box is ready for migration: i. Hardware - SG series hardware appliances support SFOS. If you have a UTM series appliance, contact your Sophos Partner or Sophos representative to upgrade your hardware. ii. Virtual appliance – Virtual / Software appliances with 2 GB RAM or more support SFOS. b. Firmware version: i. Migration Portal allows converting configuration backup for UTM appliances having 9.4x firmware. If your firmware version is less than UTM 9.4x, please upgrade to UTM 9.4 to use migration portal. c. UTM appliances in HA or Cluster: i. De-cluster your UTM appliances before upgrading them to SFOS. d. License Migration i. Your UTM license does not get auto-migrated to SFOS. You need to upload the UTM configuration file on the reimaged SFOS device to migrate your UTM license to an SFOS license e. Backup your data i. Take UTM configuration backup ii. Take license file backup iii. Download logs from your UTM appliance January 2017 Page 3 of 21
UTM Migration Portal Guide f. If you plan to import the converted SFOS configuration on another appliance, then ensure that the number of used interfaces in UTM is not more than that supported on the SFOS appliance. g. 90 days retention on migration portal i. Please complete migrating your configuration within 90 days of initiating a new migration. Migration portal retains the migration session (and configuration) only for 90 days post which it is deleted. c) What gets migrated To know about what gets migrated, Appendix C. January 2017 Page 4 of 21
UTM Migration Portal Guide How to use the Migration Portal The migration portal is designed to migrate your UTM configuration to SFOS compatible configuration. Access the UTM Migration Portal Internal Preview – https://fwmigrate.sophos.com The migration portal covers below sections: 1. Signing up on the portal You need to sign-up on the portal by creating a SophosID. As you login, you see the Terms of service that you can Accept to continue. 2. Learn about Migration The Overview section provides an understanding of which UTM versions are supported for migration, what gets migrated. 3. Upload UTM configuration Create a new migration and upload your UTM configuration which you want to migrate to SFOS. 4. Migration process After uploading your UTM configuration, the migration portal auto-migrates UTM configuration for modules supported in migration to the extent it can. Configurations that cannot be migrated or where a user intervention is necessary are raised as exceptions (errors or warnings). User needs to address these exceptions manually on the portal. 5. Downloading configuration Once the configuration is migrated (and exceptions handled) you can download the compatible SFOS configuration. 6. Preview XG configuration For advanced users, UTM Migration portal provides an option to preview the SFOS configuration and add any configuration in the modules supported for migration. January 2017 Page 5 of 21
UTM Migration Portal Guide Steps to use the Migration Portal Step 1 Login to UTM Migration portal Login to UTM Migration Portal. During internal preview you can access the migration portal using https://preview.fwmigrate.sophos.com. Click Sign In to continue. Verify your login using the Security Code sent to your device. Click Submit to continue. January 2017 Page 6 of 21
UTM Migration Portal Guide Step 2 Accept Terms and Conditions After successful authentication, you will be directed to the Terms of Service page. You need to accept the terms and conditions of the services to proceed further. Click Next to continue with migration. Step 3 Learn about Migration After accepting Terms of Service, you will be redirected to the following screen. This section provides an understanding of which UTM versions are supported for migration, what gets migrated. January 2017 Page 7 of 21
UTM Migration Portal Guide Step 4 Start new migration session You will be directed to the page where you can start a new migration session. Here, you can also check previously carried out migration sessions. You can either finish incomplete migrations or get details of the completed migrations. Click Start New Migration. Step 5 Upload UTM Configuration File to start migration To start a new Migration Session, the first step will be to upload UTM Configuration File. Refer How to Download UTM Configuration. January 2017 Page 8 of 21
UTM Migration Portal Guide Parameters Description Session Name Description Configuration File Specify the name of the Migration Session. Specify the description for the Migration Session. Upload the Sophos UTM Configuration File by selecting Choose File. This field is required only if the configuration file to be uploaded is encrypted. Provide the password used to encrypt the configuration file. Password Note: Do not provide password if you are uploading unencrypted configuration file of .abf file extension. Click Next to start migration. Step 6 – Auto-migration After uploading your UTM configuration, the migration portal auto-migrates UTM configuration for modules supported in migration to the extent it can. January 2017 Page 9 of 21
UTM Migration Portal Guide Step 7 Once the auto-migration is completed, the following screen will be displayed. Configurations that cannot be migrated or where a user intervention is necessary are raised as exceptions (errors or warnings). User needs to address these exceptions manually on the portal. The above image shows the number of exceptions that the user needs to handle manually. Exceptions occur when there is a conflict between UTM and SFOS configurations. These conflicts needs to be resolved to complete the migration process. Click Continue with Exception Handling to resolve the Exceptions and finish the migration process. On clicking Save & Exit, the Sophos UTM configuration file and the converted SFOS configuration file will be saved on the Portal. The Migration Session will be saved and will be reflected in the list of migrations carried out shown in Step 3. January 2017 Page 10 of 21
UTM Migration Portal Guide Step 8 – View Exception List On clicking Save & Exit as shown in step 5, you will be directed to the Exception List which will display the list of Exceptions encountered during migration. Exceptions are of two types: Errors – Errors appear in red on the Exception List. They are the conflicts that cannot be resolved automatically during migration and needs a user intervention to address them. Warnings – Warnings appear in orange on the Exception List. These are migraed configuration entities but pose a connectivity or security risk and so a user intervention is required to review it to accept recommendation or make appropriate changes. Exceptions are listed in the below screen. It gives details about the XG entity with navigation paths on left and UTM entity reference on right and the Exception details below it. You can get migration logs for auto-migrated entities and exceptions handled and pending on the Migration Portal UI and also download it. Read the Exception details and choose the below actions accordingly: On clicking Resolve (Highlighted in red), you will be directed to the page where you can resolve a particular Exception. To resolve the exceptions, refer messages on the exception list to check the entities which needs to be updated for SFOS configurations. January 2017 Page 11 of 21
UTM Migration Portal Guide Accept is visible against an exception only when it is a warning. On clicking Accept (Highlighted in yellow), the migration done by the portal for which the Warning is raised is accepted. On Clicking View Logs, you will be able to check the details of the migrated configuration. An option to Download Logs (Highlighted in red in the below screenshot) is available for downloading logs. This is helpful for the following scenarios: To trace back all the resolved Exceptions for troubleshooting purpose if required Send it to Sophos Support team in case any help is required. To refer resolved Exceptions later on in offline mode. On the View Logs screen you can filter the logs (Highlighted in green) using the following criteria: Auto-Migrated - Entities automatically migrated without any change by the migration portal. Accepted - Entities with warnings accepted by the user. Auto-Resolved - Entities automatically migrated with changes based on SFOS requirements. Resolved - Entities with exceptions resolved manually by the user. Deleted - Exceptions or Entities deleted by the user. Unresolved - Entities with unresolved exceptions. All - All entities January 2017 Page 12 of 21
UTM Migration Portal Guide Step 9 – Resolve Exceptions To resolve Exceptions click Resolve as shown in Step 6. Here, the Sophos Firewall specific configuration page for that particular entity will be displayed. You can set the configurations to solve the exception as per your requirement. Refer the exception details mentioned on the floating popup on the right side of the screen. On clicking Delete, the Exception will be deleted and the configuration will not be migrated. On clicking Cancel, no changes will be made and you will be directed to the Exception List. Click Save and Continue to save the updated configuration and continue to solve the next exception. Click Save & Return to save the updated configuration and go back to the Exception List to solve other Exceptions. January 2017 Page 13 of 21
UTM Migration Portal Guide Step 10 – Download Configuration After resolving the exceptions, the migration of all the configuration will be completed. Click Download Migrated Config to download the configuration file converted from Sophos UTM to Sophos Firewall to complete the migration process. The downloaded file will be of device.backup file extension. The other available operations that can be done on migration sessions are explained below: Edit Configuration: Click to edit the configuration. Download Migrated Config: The converted SFOS configuration file can be downloaded by selecting this option. Download Migration Logs: The Migration Logs can be downloaded by selecting this option. View Migration Logs: The Migration Logs can be viewed by selecting this option. Delete: You can delete the completed migration by selecting this option. Continue Migration: The incomplete migration can be continued by selecting this option. Discard Migration: You can delete the incomplete migration by selecting this option. January 2017 Page 14 of 21
UTM Migration Portal Guide Preview mode for Advanced Users For advanced users, UTM Migration portal provides an option to preview the SFOS configuration and add any configuration in the modules supported for migration. Note that any configuration changes you make here will be applied in the converted SFOS configuration file. Click Close Preview to go back to configure the exceptions. January 2017 Page 15 of 21
UTM Migration Portal Guide Next Steps Reimage your UTM to SFOS After you have downloaded SFOS configuration using the portal, you now have to prepare your UTM device for migration. Reimage your UTM appliance and install SFOS on it. Refer below articles for more details: https://community.sophos.com/kb/hu-hu/115879 https://community.sophos.com/kb/hu-hu/124588 Apply the SFOS configuration on the reimaged box Once the converted SFOS configuration file is downloaded, you can configure it on the XG device by using the following steps: 1. Login to Sophos Firewall Admin Console as an administrator with Read-Write permission for relevant feature(s). 2. Go to System Backup & Firmware Backup & Restore. In the Backup Restore section, click Choose File and select the converted configuration file. 3. Click Upload and Restore to import the configuration. Review and complete rest of the configuration on the SFOS device After you have restored SFOS configuration, configure rest of the configuration using the Sophos Firewall Admin Console. January 2017 Page 16 of 21
UTM Migration Portal Guide Appendix A – List of UTM models that support SFOS SG series hardware appliances Virtual appliances with more than 2 GB RAM Appendix B – List of Sophos UTM Versions that are supported on migration portal Migration is supported for UTM versions 9.4 and above. Appendix C – List of Sophos UTM Modules that are migrated Section System Settings Web Admin Settings Sub-Section Time & Date HTTPS Certificate Advanced Definition & Users Network Definitions Host Network Group DNS Host DNS Group Network Range Multi-cast Group Availability Group Definition & Users MAC Address Definitions Definition & Users Time Period Definitions Definition & Users Service Definitions MAC Address Definitions Time Period Definition Service Definition TCP UDP TCP /UDP ICMP/ICMPv6 IP Group Definition & Users Authentication Services Servers eDirectory Active Directory LDAP RADIUS TACACS Definition & Users Authentication Services Advanced Block Password Guessing Local Authentication Passwords Definition & Users Client Authentication Interfaces & Routing Interfaces Interfaces Interfaces & Routing Interfaces Additional Addresses Interfaces & Routing Interfaces Uplink Balancing January 2017 STAS Ethernet(Type) & Ethernet VLAN(Type) Additional Addresses Uplink Balancing Page 17 of 21
UTM Migration Portal Guide Interfaces & Routing Interfaces Hardware Interfaces & Routing Uplink Monitoring Advanced Hardware Automatic Monitoring Prefix advertisements IPV6 Prefix Advertisements Interfaces & Routing Static Routing Standard Static Routes Interface Route Gateway Route Interfaces & Routing Multicast Routing (PIM SM) Global Interfaces RP Routers Network Services DNS Forwarders Request Routing DyDNS Network Services DHCP IPv4 Server IPv6 Server Relay Options - IPv4 Options - IPv6 Network Protection Firewall Rules Site-to-site VPN Certificate Management Certificates Site-to-site VPN Certificate Management Certificate Authority Site-to-site VPN Certificate Management Revocation List (CRL) Site-to-site VPN Ipsec Connections Site-to-site VPN Ipsec Remote Gateways Site-to-site VPN Ipsec Policies Site-to-site VPN Ipsec Local RSA Key Rules Certificates Certificate Authority Revocation List (CRL) IPSec VPN Connections Gateway Type: Initiate Connections Gateway Type: Respond Only IPSec Policies Current Local Public RSA Key Local RSA Key VPN Options Site-to-site VPN Ipsec Advanced Local X509 Certificate NAT Traversal (NAT-T) Remote Access PPTP Global Remote Access L2TP Over IPsec Global Remote Access Ipsec Connections Remote Access Ipsec Policies Remote Access Ipsec Advanced Main Settings Main Settings Ipsec Connections IPSec Policies Local X509 Certificate Preshared Key Settings NAT Traversal (NAT-T) Remote Access Advanced January 2017 Client Options Page 18 of 21
UTM Migration Portal Guide Appendix D – List of General Behavior Following conversions will happen while migrating from UTM to SFOS: 1. For any entity, if the maximum character length supported in SFOS is less than that supported in UTM: Such values will be trimmed off to the maximum number of characters that are supported in SFOS. 2. For any duplicate records in UTM (No duplicate records are supported in SFOS): A unique number will be added as a suffix in entity name. 3. For any entity whose value is valid in UTM but not in SFOS: Value of that entity will be set same as the default value (of that entity) in SFOS. 4. For any entity that is not mandatory in UTM but is mandatory in SFOS: Value of that entity will be set same as the default value (of that entity) in SFOS. January 2017 Page 19 of 21
UTM Migration Portal Guide Appendix E – Downloading UTM Configuration You can download the configuration file by executing following steps: 1. Login to Sophos UTM Web Admin console. 2. Go to Management Backup/Restore. 3. In the Create Backup section, click Create backup now. Note: Migration is supported only on full backups. Do not select the following highlighted options while creating backups: 4. The Backup will be displayed in the list of available backups. 5. Click icon to download the configuration file of the latest backup. 6. Click Download backup to download the configuration file. January 2017 Page 20 of 21
UTM Migration Portal Guide The downloaded configuration file will have .abf file extension. You can download an encrypted configuration file by selecting Encrypt before downloading. The password you provide here will be required further in the migration progress. The downloaded configuration file will have .ebf extension. January 2017 Page 21 of 21
i. Hardware - SG series hardware appliances support SFOS. If you have a UTM series appliance, contact your Sophos Partner or Sophos representative to upgrade your hardware. ii. Virtual appliance - Virtual / Software appliances with 2 GB RAM or more support SFOS. b. Firmware version: i. Migration Portal allows converting configuration backup .
HTTPS Sophos UTM Manager IP Address 192.168.2.200 Sophos UTM (UTM01) Port 4433 Ext. IP Address 65.227.28.232 WebAdmin Port 4444 Port 4433 InternetInte Sophos UTM (UTM03) Sophos UTM (UTM04) Sophos UTM (UTM02) Sophos UTM (UTM06) Sophos UTM (UTM07) Sophos UTM (UTM05) Sophos UTM (UTM08) Customer/Of ce 1 Customer/Of ce 2 Port 4422 Gateway Manager
EventTracker: Integrating Sophos UTM 11 Figure 11 . Verify Sophos UTM Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In the Search field, type ' Sophos UTM ', and then click the Go button. Alert Management page will display all the imported Sophos UTM alerts. Figure 12 . 4.
This section describes the Sophos products required for managed endpoint security: Sophos Enterprise Console Sophos Update Manager Sophos Endpoint Security and Control 2.1 Sophos Enterprise Console Sophos Enterprise Console is an administration tool that deploys and manages Sophos endpoint software using groups and policies.
Sophos Server Protection Sophos Email Protection EMC NetApp Sophos for Network Storage ストレージサーバー 外部用サーバー SafeGuard Sophos Anti-Virus for vShield - VDI Windows Mac Linux Windows クライアント 支店 / 支社 2 Sophos RED Sophos Wi-Fi Ac
This guide is intended to help you install and get up and running with Sophos iView v2. Reports for Device Type iView v2 provides reports for following device types: - Sophos Firewall OS - Sophos UTM 9 - CyberoamOS Licensing Sophos iView licenses are available in multiple tiers based on storage requirements and support terms
Sophos UTM 9.2 Sizing Guide 2. Make first estimate — using the calculated "Total UTM User" number Take the "Total UTM User" and make a first estimate for the required UTM hardware appliance within the following diagram: Ì Each line shows the range of users recommended when only using this single subscription.
Sep 21, 2018 · Sophos Anti-Virus for NetApp Storage Systems 4 Before you install Sophos Anti-Virus for NetApp Storage Systems Before installing Sophos Anti-Virus for NetApp Storage Systems, you need to do the following: Install Sophos Endpoint Security and Control (antivirus component only
Historical view point from medieval sources. The Indian Archives, National Archives of India, New Delhi, 2001. 40) Duniya-i-ilm-o-Adab ki Azeemush Shan Shakhsiyat – Qazi Saiyid Nurullah Shushtari. Rah-i-Islam, New Delhi 2002. 41) Aurangzeb and the Court Historians: A case study of Mirza Muhammed Kazim’s Alamgir Nama. Development of Persian .
