cancel
Showing results for 
Search instead for 
Did you mean: 
lpp
Level 9
Report Inappropriate Content
Message 1 of 2

Transfer policies to a test staging (and test) server

Jump to solution

Hello,

The structure of the company I am working for is based on the e-TOM framework, where each function relies on a distinct group, under a distinct manager, each with its own mandates and responsibilities.
Briefly in the model Engineering "develops" (for a buy product like McAfee Web Gateway it is just a matter of integration and settings), tests and delivers a solution, while Production administers it according to the provided instructions.

This means that we have several MWG nodes: 40 (two 20-node farms) for production, 2 for test and 2 for development. Each time a new rule must be implemented, or a new version must be deployed, the work is accomplished in our test plant, and only after a test-list is successful the configuration is deployed on the production servers by means of technical notes.

In this scenario it is therefore mandatory for us to periodically replicate the production configurations to our test nodes. This has been easy for the last ten years, up to a couple of years ago: a back-up run on any production node just needed to be loaded (policy only) to a clustered test node.

Unfortunately with the latest version (but the issue appeared before, approximately a couple of years ago) it is impossible to load a policy on a node which wasn't part of the cluster from which it was saved.
I could find useful instructions to restore a complete configuration, not only the policy but also all the other settings related to the single physical node, at the following post: https://community.mcafee.com/t5/Documents/Web-Gateway-Restoring-a-backup-after-a-Hardware-replacemen... .

The problem is that since the instructions do not only restore the policy but EVERY single setting from the originating node (which should then be restore by hand according to the test plant specific situation), I am then unable to access the GUI because I am not an administrator for the production systems.

KB70100 provides a way to replace or reset the GUI administrators from CLI, but as soon as I recreate the hash for the active configuration just after overwriting the administrators.xml file (/opt/mwg/bin/mwg-coordinator -F "file:in=`cat /opt/mwg/storage/active_configuration`") the node is restored to its previous configuration, before loading the production file, thus the whole operation becomes useless.

On the other hand simply replacing the value of the uuid on /etc/mwg causes the system to call the intial configuration wizard, while the proper configuration is missing, so it is not a good path.

Does anybody have an idea if there is a way to ideally just replicate the policies (along with the lists, templates and in general everything which is kept synchronised through nodes when in cluster) from a cluster to another?

Thank you very much for your attention.

1 Solution

Accepted Solutions
Highlighted
lpp
Level 9
Report Inappropriate Content
Message 2 of 2

Re: Transfer policies to a test staging (and test) server

Jump to solution
Policies can natively be exported through the ad-hoc export button of course, instead of a configuration back-up.
I am sorry, I completely forgot.

Best regards.
1 Reply
Highlighted
lpp
Level 9
Report Inappropriate Content
Message 2 of 2

Re: Transfer policies to a test staging (and test) server

Jump to solution
Policies can natively be exported through the ad-hoc export button of course, instead of a configuration back-up.
I am sorry, I completely forgot.

Best regards.
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community