TZ300 to TZ370 migration
PierreH
Newbie ✭
Hi, I made an import configuration from a TZ300 (last firmware 6.5.4.7-83n) to a new TZ370
We had Https management enabled on X1 WAN interface with firewall access rules enabled to some IP adresses
Surprise, the X1 Https management was not enabled on the new TZ370 but I had my old access rules as default rules and When I enabled the Https management again on X1 (TZ370), new firewall access rule was added, and when I tried to change the source address I could not because of duplicated rule.
Anybody got that bug?
thank you
Category: Entry Level Firewalls
0
Answers
I do not recommend importing configurations between different models or firmwares, no matter what Sonicwall says is supported!
I have always been bitten by weird things like you've mentioned, opened tickets, only to have support say 'factory default the unit, and manually reconfigure it'.
I can confirm this exact problem between pre-Gen7 and Gen7 firewalls.
Just noticed this bug as well, that's a BIG issue.
TZ300 to NSA3700 using SonicWALL migration tool.
I just used the migration tool to go from a TZ300 (6.5.4.9-92n) to a new TZ370 (7.0.1-5030-R2007) and did not have this issue.
However, the migration would not work with the TZ370 firmware at 7.0.0. I attempted it several times (reset to factory default & import new migration created configuration) but every time the TZ370 would become unresponsive. I also tried to do a manual setup, which went fine until I changed something it didn't like, and it became unresponsive again. I'm still not sure what change caused the problem. Finally, I decided to update the TZ370 firmware to 7.0.1. After that the migration went smoothly and it appears that all settings are correct on the TZ370.
I know this post is a year old but hopefully I can help someone else avoid wasting the good part of a day trying to figure it out!
Just to confirm, this KB article includes the explicit instruction (Step 8) to update the firmware on the Gen 7 device BEFORE importing the migrated configuration.
Note: The fact that an NSa was used in the KB doesn't preclude using the same process for TZ series.