Upgrading from TZ300 to NSa3700
We have a TZ300 and it seems that we are having issues with throughput as we are migrating services to the cloud. A training session for our assemblers on Zoom was a disaster. The owner authorized upgrading our Firewall and our consultants recommended the NSa3700. We placed the order and I have questions about migrating our setting from the TX to the Nsa.
I see that there is a migration tool which will backup the existing TZ configuration and import them into the new Nsa. Has anyone made this big jump before? Did it work? Are there any issues I need to be aware of?
Thanks,
Peter
Best Answer
-
Micah SonicWall Employee
***Update: The KB has been updated with the NSa 3700 ***
Hi @sdp,
Just to piggy-back off of what @BWC said I can confirm that the TZ 300 settings can be imported into the NSa 3700. The KB is currently being updated with the correct table.
In the mean-time, the info can be found in our technical documentation here: https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-upgrade_guide/Content/Importing_Settings/importing-settings-by-platform.htm/
Kind Regards,
@micah - SonicWall's Self-Service Sr. Manager
1
Answers
Hi @sdp
wow quite a step, but if your consultants (AKA 💰️💰️💰️) said so.
The Migration Support Matrix does not cover the NSa 3700 at the moment, but NSa 2700 is on it, so my best guess it would probably work.
https://www.sonicwall.com/support/knowledge-base/can-settings-be-exported-imported-from-one-sonicwall-to-another-support-matrix/170505258332789/
But in my personal opinion and experience, don't do it. This would be a chance for an overhaul of your current configuration. You copy Address Objects etc. if you like via CLI, having both appliances side-by-side and copy&pase from the UI is OK too. The configuration of a TZ 300 might be not that complex I assume (might be wrong on that).
Consider the fact that it is not just a an upgrade from a tiny appliance to a fairly larger one, it's an upgrade from Gen6 to Gen7 with all it's bells and whistles.
Just my € .02, as always.
--Michael@BWC
Yes it is a big step. I'm an Electrical Engineer but unfortunately I'm just an IT hack. I've never taken a computer course in my life, but I've been handling IT at my work since the late 90's.
We've had on-site servers which are sorely outdated.. (Windows Server 2003) . Recently, we've migrated our Exchange to the cloud O365 G5. Our consultants are building our domain and file services on the Government Azure Cloud so we will be heavily dependent on the throughput of our firewall.
For a while now our TZ300 has been struggling. There is something wrong with it. We can't even have a zoom meeting with 2 people without the audio being choppy. Last week we tried to do a training session for 10 people and the audio was catastrophic and we gave up. That is why we as going to a Nsa3700 which should cover our needs for a while.
I don't have the luxury of time to setup the new device from scratch. Because I am a hack, I can do some of the basics but I can't handle SSLVPN and LDAP. CLI? way over my head. I was hoping to be able to just import what I have to get going and let the consultants smooth out any wrinkles
Hi @sdp it's a bit tricky to give advice here and I feel your need to get it resolved quickly. But Security isn't something to rush, IMHO. If you don't have the expertise to configure it from scratch, hire someone with the knowledge to do it for you.
Or just give it a try to migrate/import the old settings into the new Appliance and see what happens, but problems may occur later on.
--Michael@BWC
Hi @sdp, just one question, why have they recommended an NSa3700 rather than a TZ570, TZ670 or an NSa2700?
What kind of deployment i.e throughput do you need how many devices will be going through your Firewall ? it just seems like an extraordinary big jump if you currently have a TZ300
Hi Preston,
Not sure I have a good answer. I suppose a TZ670 is comparable to the NSa3700 but I'm not sure what the feature differences are without diving into it. I think the driving factor was perhaps the VPN throughput. The plan is to migrate our on-site file server to the Azure Cloud and we'll be connected to it through a VPN tunnel. We also have a couple of small remote sites too. Our mail server is in the cloud and accounting system has been migrated too. The thought was to use a Nsa3650 or 2650, the 3650 is EOL soon so we just opted to go higher and be safe down the road.