I was looking for the easiest way to clone and deploy a WebGateway in another site with the same policy configuration. We have 2 sites and currently site 2 has no internet circuit and instead accesses internet through MPLS to site 1 and out their internet circuits. Everyone currently goes through the single McAfee Web Gateway appliance in Site 1. We are deploying an internet connection in Site 2 and want to use the same customizations and policies. How can I set this up? Can I simply back up 1 and restore on the other? Will this also restore IP address and other network settings? I'd like to just clone the config and policies while leaving the network settings on the new unit intact.
Solved! Go to Solution.
"cloning" is in no way a good idea. Every system (physical or virtual) has a unique identifier, the "UUID". If you clone a system with some tools or by simply copying all files from one machine to another, the UUID will be different. The complete configuration of your appliance is linked to the UUID, so even if you clone your system it will boot up with no configuration, since the UUID does not match.
On VMWare there are ways to also clone the UUID. It is highly recommended not to do so, since there are reasons why each machine should have its own UUID.
You can very easily create a Backup on the existing node. Get the ISO with the correct version and install a fresh MWG on your remote site and restore the backup. It will only import the Policy, you will have to apply the IP settings manually (because the system settings are - in the backup - also bound to the UUID).
There are also ways to completely clone a system and/or rewrite the UUIDs, but I really recommend not to fiddle around with the UUID as it may break things.
I just read about something called Central Management that will allow my appliances to synchronize with each other. Is this a viable option to copy the configuration from Site 1 to my WebGateway 4500 in Site 2 and keep them synchronized when changes are made?
This is what I would have recommended. It is a totally viable option as long as there is a consistent link between the appliances. This option syncs everything on the Policy and Accouts tab, leaving what is on the Configuration tab as is, the same as you would see with a backup/restore..