Problems Upgrading Gen 6 to Gen 7 Devices
MDS_UK Newbie ✭
Has anyone else had any problems when migrating Gen 6 configs to Gen 7 devices? We have had issues with several devices now including:
- Admin access on HTTPS. Gen 6 device has WAN>WAN firewall rule restricted to one IP address. On Gen 7 device, this rule has been superseded by an ANY rule and we are unable to delete the original rule with the restricted IP address.
- IPSEC VPN Agreement - unable to amend existing SA. Any change to SA results in an error when trying to save. SonicWALL support suggested upgrading to the latest firmware but this resulting in the SA disappearing completely but leaving orphaned access rules.
- HA - problem whereby the Secondary device is missing large amounts of the configuration when failed over to. Specifically all VPN SAs are completely missing.
I would be interested to hear if anybody else has had anything similar.
For clarity, these upgrades were performed by exporting the config from the Gen 6 device and importing to the Gen 7 device. We have seen these problems across the TZ and NSA models.
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Unfortunately the time-honored method of exporting the settings and importing them to a new device is not the recommended method for the Gen 6 to Gen 7 upgrade.
Follow this KB article for guidance. You should factory reset your Gen 7 device prior to undertaking these steps.
Hi @MDS_UK , are you using the migrate tool ? https://migratetool.global.sonicwall.com/
if not use this and see if you get the sam results and make sure the 6 Appliance is on the latest 188.8.131.52 firmware and Gen7 appliance you are upgrading to is the latest 7.0.1-5023-R1826 firmware
I've migrated lots of configs this way the only issue I've seen recently is sometimes the WAN Group VPN Shared secret is incorrect after migration.
If you are attepmting to migrate gen5 appliances you'll need to go via a Gen6 appliance.
if you are migrating from a Gen 6 appliance make sure it is on at least 6.5.4 not 6.2 or lower
Thanks Larry. Is this "official" SonicWALL guidance and, if so, is it documented somewhere?
I've tried that tool a few times before and it's failed dismally. Does it migrate anything beyond the interfaces? Eg. objects, rules, policies etc?
Admin access on HTTPS
There should be an option in the /diag menu that allows you to completely edit/delete automatically created rules. Suggest you enable it, edit the rules, then disable it again afterwards.
Thanks - that's helpful to know.
Yes it should migrate all the settings configured from the original config file to the new one
@MDS_UK yes, that is the official SonicWall KB on the matter.