SonicAdmin80 Cybersecurity Overlord ✭✭✭
Comments
-
Me too, still on 10.0.6. Hopefully not too long until there is a fix.
-
According to the data sheet the 500v doesn’t have SSL acceleration while the 8200v does. Sounds like it could be deliberately made to not support cpu crypto acceleration to differentiate it from other models. It could be quite fast anyway if the cpu has a high clock speed, but I still recommended the 410 to a customer on…
-
I can create a case when I have the time. In the end I did the configuration with "import cli terminal merge" by pasting smaller sections at a time and it worked fairly well. I had some problems with FTP import as well so direct pasting worked the best in this case.
-
@John_Lasersohn, I just tried that but it doesn't work either. Strangely the help indicates that only a directory should be entered and not a path, which points to that it should work interactively. Maybe the scp feature is not actually finished.
-
Hi @preston. I was using 'import cli terminal merge' and it mostly works ok and seems safer than just pasting directly to the conf prompt. I think I have the configuration cleaned up to a point where it works ok in a few batches. I'm trying to avoid setting up a FTP server, although I might have an app for that installed…
-
I quickly tried to import all the access rules I had with a single commit only at the end and it seemed to succeed. So perhaps commit after every access rule is overly cautious.
-
Hi @John_Lasersohn, Yes I know, but the example for scp is not correct as it doesn't accept the command even if the example is followed perfectly. To me it looks like it's not implemented at least for cli import. I didn't try for exp.
-
@Saravanan I found the issue. Gen 7 UI has a problem with VPN policies that have the ampersand (&) character in their name. All other policies are also hidden until the policy with the ampersand is removed. This is a bug in the Gen 7 UI as ampersands are allowed and work in the CLI and Gen 6 UI.
-
The problem seems to be specifically in the import process. I did a factory reset for the firewall and created a new policy from the CLI and it shows up in GUI as well. That's enough for me now as I can enter the IPsec policies that way without having to do them manually. I created a ticket for this as well.
-
Sure, I'll do that today.
-
Hi @Saravanan & @Ajishlal , The setting was already unticked. TZ500 is at 6.5.4.7-83n and TZ670 at 7.0.0-R713.
-
Hi @Ajishlal, The tool doesn’t migrate VPN policies, perhaps because of this exact reason. Or are there other reasons for them not being migrateable?
-
@RedNet That's quit a procedure. Luckily I was on 6.5.4.4 already so I could do the system update once it was finally available. It must have been over a week since the swi release when it became available throught system update.
-
Thanks for the info. Luckily 6.5.4.4 for NSv doesn't seem to have the same problems as the version for physical appliances. I've run one NSv with 6.5.4.4 for a few weeks without problems.
-
That's what I thought also. So the release notes are correct .