cancel
Showing results for 
Search instead for 
Did you mean: 
DBO
Level 9
Report Inappropriate Content
Message 1 of 12

How do you migrate from a lab server to a new production server?

Jump to solution

What would be the procedure to migrate the complete setup of a lab server (Policy, list, Template, etc but not IP/Name/NTLM credential of the proxy ) to a new production server?

Once in place, how can you keep them in sync other then retyping list content, etc?  I know I can export/Import ruleset from local file but it seem I can only import content in list but not export a/all list???

I have also tried to locate those files directly from the server but was only successfull to locate some minor files.  I was used to do that with WW6.9...  Is there a list of proxy files with desc and location????

1 Solution

Accepted Solutions
snoehler
Level 10
Report Inappropriate Content
Message 2 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Hi!

If you go to the Troubleshooting tab of your web gateway you should see "Backup/Restore" on the left hand side. Create a backup by clicking on "Backup to file".
On your new production server you can then restore this backup, by default only the policy tab will be restored. If you would like to restore accounts as well you would need to tick "Configurations and Accounts".

For syncing you may consider Central Management​. You can then use the Central Management to synchronize your policy from the lab to the production web gateway.

~sno

View solution in original post

11 Replies
snoehler
Level 10
Report Inappropriate Content
Message 2 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Hi!

If you go to the Troubleshooting tab of your web gateway you should see "Backup/Restore" on the left hand side. Create a backup by clicking on "Backup to file".
On your new production server you can then restore this backup, by default only the policy tab will be restored. If you would like to restore accounts as well you would need to tick "Configurations and Accounts".

For syncing you may consider Central Management​. You can then use the Central Management to synchronize your policy from the lab to the production web gateway.

~sno

View solution in original post

DBO
Level 9
Report Inappropriate Content
Message 3 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Yes, I am allready backing the lab config before any new big changes but after reading doc-5207, I wasn't sure of the impact of a backup from one server to a restore on a different one...  I will read Doc-4823 and surely come back with more question!!!  So much to learn and so little time!!!

Thank you

PS: Any documentation on the file structure in the gateway itself?

DBO
Level 9
Report Inappropriate Content
Message 4 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Doesn't work, «Cannot find own UID in backup».  So a GUI initiated restore on a different server is a no go...  Is it possible another way?

DBO
Level 9
Report Inappropriate Content
Message 5 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Ok, evidently, it was my fault.  I was trying through the GUI to restore with the Configuration and accounts option selected and it's only valid on a server with the same UUID

snoehler
Level 10
Report Inappropriate Content
Message 6 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Hey,
was totally my bad. Should have mentioned the article about
Sorry about the missing information

Highlighted
DBO
Level 9
Report Inappropriate Content
Message 7 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

It's oK, I had a look at it before asking on the site.  The migration to another machine is describe but it's not the scenario I was looking for (migrate from lab to production). Anyway, it's done. 

Small question: when installing a cert for the GUI, is it something that is synchronise across members of a cluster?

Re: How do you migrate from a lab server to a new production server?

Jump to solution

What I found was that GUI settings, including the cert, are per appliance (though, I'm am going from memory in my own testing).

Having recently tested the re-imaging procedure, with a number of run throughs--and hitting way too many problems, I now have a good sense of what's required.

The list of critical areas that are per-appliance settings include (as a minimum):

  1. Network Interfaces
  2. Static Routes (requires manual entry--we have up to nine routes, ouch)
  3. Date and Time (we block NTP to the Internet, so we have to set the time before joining a cluster -- another ouch)
  4. Central Management: Group runtime, Group update, etc.
  5. Proxies (HTTPS(S), FTP, SOCKS, ICAP…): HTTP port definition list, Enable SOCKS proxy, etc.
  6. SNMP: Listener address list, Communities for SNMPv1 and SNMPv2 access
  7. User Interface

It would be nice if there was a way to force copying settings from another appliance in a backup.

Maybe if there was a way for it to pretend to be another appliance and then change UUID and host name, that might get it.  Anybody have a thought about how this might be made to work?.

Also, now that a Cluster CA is required, you have to set that before joining a cluster.  It would be nice if this was also taken care of when restoring a backup.

Setting time can be done by setting under "Date and Time" a reachable NTP server and rebooting, or manually with hwclock, as follows:

  1. Set time zone to UTC: cat /usr/share/zoneinfo/UTC > /etc/localtime
  2. Set hardware clock: hwclock --set --date "<dd mmm yyyy HH:MM>" --utc
  3. Set system clock: hwclock --hctosys

Gosh, it sure is nice when restoring a backup works right.  Too bad there are so many pitfalls.

snoehler
Level 10
Report Inappropriate Content
Message 9 of 12

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Hi guys,

I was on vacation for two weeks so apologies my late response. ​ you are right, those settings wont be copied in a backup, most likely all settings part of the configuration tab wont.

What you could do to copy all the settings (I would highly recommend to do this with a standalone appliance only) and keep in mind that this way is NOT supported at all - if you try it then on your own risk!

1. Download the current active configuration from the appliance you would like to backup (via FTP)
2. Replace the UUID with the new one, modify the network settings (hostname, IP etc)
3. Upload this config to the new appliance and make it the active one

If you would like to have a more detailed guide just ping me, I am following both of you so that you can leave me a message

Re: How do you migrate from a lab server to a new production server?

Jump to solution

Thank you for the response. If the steps are just a matter of working with directories and text files, then it would be nice to have the relevant paths.  If there are special commands, it'd be nice to provide examples.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community