  1. #1
    DSI
    Untanglit
    Join Date: Nov 2009
    Posts: 16

    Migrating to NGFW from OldSchool Untangle appliance

    I have a HW server that NGFW is installed on and I want to get the new one configured with all the Port Forwards and such, then, swap it with the existing Untangle server (old version) that is running live.

    How do I configure the NGFW so that all the rules and settings that I've spent the last couple of hours transferring into the new system by hand aren't lost?

    Because the NGFW box is not connected to the WAN side of things it is unhappy with me. When I try to move from Network configuration page to "Back to Config" there is a message that pops up, "There are unsaved settings which will be lost. Do you want to continue?" and the answer is, of course, no, I don't want to lose my work.

    The "Save" icon is greyed out and there is no further detail about just how one would save the settings, at least not that I have been able to find searching in regard to this scenario.

    What can I do to prepare this new box from behind the old one on our LAN so that the cutover will only involve my moving the cables from one to the other?

    Thanks for any insight on this!

    Just noticed that I'm a Newbie ... that joined in 2009.
    Last edited by DSI; 07-11-2018 at 01:50 PM.

  2. #2
    DSI
    Untanglit
    Join Date: Nov 2009
    Posts: 16

    Overnight all the changes and settings I had done were lost when the login timed out (presumably). Logging back in this morning all my Port Forwards and other modifications were gone.

    To be clear, I want to have the new NGFW on the network, able to reach the internet and me able to configure it, prior to replacing the existing legacy Untangle firewall with the new one.

    Is there a way to set up the Interfaces (Internal/External) so that it exists on my LAN in a way that will allow me to configure the NGFW settings to match the existing legacy Untangle firewall's settings, without interrupting the existing connection from our LAN to the internet through the legacy Untangle firewall?

    What I've tried so far has either not provided the connection it wants to the internet, or, it has stopped all network access to the internet for other LAN users.
    Last edited by DSI; 07-12-2018 at 07:07 AM.

  3. #3
    sky-knight
    Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 22,700

    Are you replacing an Untangle v9 system? Because otherwise I'm confused, you'd just back up the old one, restore to the new one, and map the interfaces then swap cables.

    Otherwise yes, I do this regularly, I configure the NICs based on what I need to get online, updated, and management up. (just give External whatever you need for now to get online) Tune the modules, port forwards or whatever to what is needed in production. Then swap back to the physical console to swap the IPs to the live versions while it's unplugged from the network. Once complete you just swap cables and everything moves. Sometimes you have to reboot a cable modem / fiber MTA, but that's about it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    DSI
    Untanglit
    Join Date: Nov 2009
    Posts: 16

    Exactly, v9.4 I believe. Not transferable to the NGFW.

    I guess it is the configuring the NICs to get online that I'm struggling with. I have the Internal set static in the scope of my LAN and have logged into the management interface. The External configuration seems to be the issue. I've got the server setting on a bench and I have multiple connections to a switch on the network. It is just that I either can't reach the internet, or, I manage to break internet connection for everyone on the LAN.

    It is a bit of a head-scratcher how to set the External interface up to work without jacking things up for everyone. Could you provide some detail about how you set this up for this scenario?

  5. #5
    sky-knight
    Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 22,700

    Ahh, so go into config -> network -> advanced -> access rules

    Find and enable Allow HTTPS on WANs.

    Now, you'll need to be on the physical console! Unplug the Internal interface, and plug in the external interface. Set External to DHCP, set internal to something bogus that won't interfere with anything.

    Check your interfaces once more to get the WAN IP it pulled, and use https://IP to get into the "remote admin" and configure away.

    Just remember to turn off that access rule when you're done.

    The key is to get External online, that's the interface that must be online no matter what. All the rest can be disabled, configured poorly, whatever.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    DSI
    Untanglit
    Join Date: Nov 2009
    Posts: 16

    Thanks! That did the trick.

  7. #7
    DSI
    Untanglit
    Join Date: Nov 2009
    Posts: 16

    Okay, now for the next worry on my migration list. Did I cover everything?

    So far, I've

    Copied the DHCP list
    Set up the DNS parameters
    Copied the Port Forwards
    Copied the Bypass Rules
    Configured Hostname parameters
    Configured and tested email notification
    Configured regional and time settings


    To do:
    Set that rule back to default before swapping the network cables with the legacy Untangle box
    Reconfigure the Interfaces to the appropriate external address
    Turn DHCP on and set the range of available addresses

    Questions:
    About certificates, we recently moved from on premises Exchange to Office 365, so I'll need to learn more about whether or not I need to do anything new here.

    Open to any suggestion, or, any mention of a glaring oversight on my part of some key aspect I haven't listed.

    I want this to go smoothly.

  8. #8
    sky-knight
    Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 22,700

    O365 means you don't need the Spam Blockers, you don't need to bypass it or do anything special to use it.

    The only thing that I'd take a hard look at is your bypass rules, Untangle v9 required far more bypass rules than v14 does. So anything you're doing in config -> networking needs a sanity check. The ideology behind the design of the UTM is fundamentally different. You won't find everything right now, but over time you may see some things. Just try to keep things as default as possible and ensure every rule you set has a reason and you know what that reason is. Do all that, and you'll be fine.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    jcoehoorn
    Untangle Ninja
    Join Date: Mar 2010
    Location: York, NE
    Posts: 1,588

    Originally posted by sky-knight:
    "ensure every rule you set has a reason and you know what that reason is."

    Many is the time I've wished some product or other had a textbox next to each setting where you could save, right next to the setting, the reason why that value is what it is.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.0 to protect 700Mbits for ~400 residential college students and associated staff and faculty

  10. #10
    sky-knight
    Untangle Ninja
    Join Date: Apr 2008
    Location: Phoenix, AZ
    Posts: 22,700

    Originally posted by jcoehoorn:
    "Many is the time I've wished some product or other had a textbox next to each setting where you could save, right next to the setting, the reason why that value is what it is."

    Most things in Untangle have a description field, that's what I use it for.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
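
A pre-cutover check built on the advice in this thread (turn the temporary "Allow HTTPS on WANs" rule back off, and make sure every rule has a recorded reason), added here as an example; it is not part of any post and is not Untangle code. The JSON layout, field names and sample rules are constructed for illustration and are not Untangle's settings schema; the duplicate-forward check goes slightly beyond the thread to catch a common hand-copy mistake.

```python
import json
from collections import defaultdict

# Constructed sample of hand-transferred rules. The JSON layout and field names
# are assumptions for this example, not Untangle's settings schema.
SAMPLE_EXPORT = json.dumps([
    {"section": "access", "id": 1, "enabled": True,
     "description": "Allow HTTPS on WANs"},
    {"section": "port_forward", "id": 10, "enabled": True, "proto": "tcp",
     "dst_port": 443, "description": "Web server for customer portal"},
    {"section": "port_forward", "id": 11, "enabled": True, "proto": "tcp",
     "dst_port": 443, "description": ""},
    {"section": "port_forward", "id": 12, "enabled": False, "proto": "tcp",
     "dst_port": 3389, "description": ""},
    {"section": "bypass", "id": 20, "enabled": True, "description": "  "},
    {"section": "bypass", "id": 21, "enabled": True,
     "description": "VoIP trunk to provider"},
])

# Rules enabled only for bench configuration that must be off before cutover.
STAGING_ONLY = {"allow https on wans"}

def audit_rules(export_text):
    """Return a sorted list of (section, rule_id, finding) tuples."""
    findings = []
    forwards = defaultdict(list)  # (proto, dst_port) -> ids of enabled forwards
    for rule in json.loads(export_text):
        if not rule.get("enabled"):
            continue  # disabled rules do not affect the live box
        desc = (rule.get("description") or "").strip()
        key = (rule["section"], rule["id"])
        if desc.lower() in STAGING_ONLY:
            findings.append(key + ("staging-only rule still enabled",))
        if not desc:
            findings.append(key + ("no reason recorded in description",))
        if rule["section"] == "port_forward":
            forwards[(rule["proto"], rule["dst_port"])].append(rule["id"])
    for (proto, port), ids in forwards.items():
        for rule_id in ids[1:]:  # every forward after the first on this port
            findings.append(("port_forward", rule_id,
                             f"duplicate forward for {proto}/{port} "
                             f"(first is rule {ids[0]})"))
    return sorted(findings)

if __name__ == "__main__":
    for section, rule_id, finding in audit_rules(SAMPLE_EXPORT):
        print(f"{section:13} #{rule_id:<3} {finding}")
```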
