How best to use NSM Templates in the migration from Gen 6.5 to Gen 7 devices?
I have a fleet of Gen 6.5 TZ firewalls that will - eventually - migrate to Gen 7 devices.
They each contain a slew of Address Objects and Groups that are common across all my clients' environments. For example, I use Datto appliances for BDR and Networking. I have more than a dozen Address Objects to use as exclusions from some Security Services and Geo-IP filtering, along with the one Address Group to house them. The same applies to SentinelOne, ConnectWise, and others.
I would like to consolidate those objects across UTMs and build the appropriate Templates in NSM for a new (fresh) deployment. I'm looking to see if there is some kind of import functionality that would allow me to quickly build the necessary entries.
If there isn't (and I don't suspect there is after reading the doc), does anyone have a recommended approach for creating dozens of entries in a short amount of time?
The last thing in the world I want to do is retype all of this stuff in the cloud (which is what I have been doing in "land-based" deployments over the past 10 years).
Thanks!
Answers
Hi Larry
In NSM you can create a template from a firewall configuration.
First, I would use the migration tool to convert a 6.5 into a 7.0 exp file. Then upload the exp to a new Gen 7 firewall and acquire the firewall in NSM. Now you can create a template from that firewall configuration.
@Thomas_Buergis while this is an interesting approach, I fear, though, I will spend more time deleting all of the unwanted items from the entire firewall template than actually building the small number of address groups I need from a blank slate.
Which leads to the fact that I have opened Support Case 43845653. That's because when trying to create Address Objects, the windows in NSM do not behave like "normal" Windows windows do (and have for decades).
Enter the Name field and tab to Zone Assignment field. The cursor appears at the END of the field. That means that you must backspace to clear the entire field before you can enter or select a value from the drop-down list.
Type the first letter, say "w" for WAN and even if you select, it switches back to LAN when you tab.
Select the Zone Assignment and tab to the Type field. The cursor doesn't even respond. Try to type the first letter, say "f" for FQDN and nothing happens. The expected drop-down list does not appear. You can't even select the value from the drop-down list using cursor keys.
My Request for Enhancement has been turned over to the NSM management team. I'm thinking I’ll see this come to light in NSM 3.1.5 (probably sometime late in 2023)…