Import Configuration Settings From a Locally-Managed Firebox

Applies To: Cloud-managed Fireboxes

The Import Configuration wizard makes it easier to migrate from locally-managed Fireboxes to cloud-managed Fireboxes. If you want a cloud-managed Firebox to use the same settings as an existing locally-managed Firebox configuration, the Import Configuration wizard saves you time and reduces the risk of errors.

With the Import Configuration wizard, you can import these settings from a locally-managed Firebox configuration file to a cloud-managed Firebox:

  • Aliases
  • Exceptions
  • Routes
  • Blocked Ports
  • Blocked Sites
  • Dimension Servers
  • Syslog Servers
  • Technology Integrations

You can import only the listed settings from a locally-managed Firebox configuration file to WatchGuard Cloud. The import process does not import any other settings from the configuration file.

When you import configuration settings, the Import Configuration wizard compares the settings you want to import with the settings that are already configured on the cloud-managed Firebox. If the settings you want to import are duplicates of the settings that are configured on the cloud-managed Firebox, you can select an action to take, such as merge, replace, keep, or skip settings.

You can use the Import Configuration wizard when you want to:

  • Add a device to WatchGuard Cloud
  • Import configuration settings to an existing cloud-managed Firebox
  • Import configuration settings to a Firebox template

Before You Begin

Before you import configuration settings to a cloud-managed Firebox, review the information in these sections:

Configuration File Requirements

Before you can import configuration settings to a cloud-managed Firebox, you must first export and save the .XML configuration file from the locally-managed Firebox you want to import the settings from.

To save a configuration file from your locally-managed Firebox, follow the steps in these topics:

The configuration file from the locally-managed Firebox:

  • Must be in .XML format
    If you save a configuration file from Fireware Web UI, you must unzip the .XML file from the .GZ file before you can import it.
  • Must be a valid Firebox configuration file
  • Must contain fewer than 5000 total exceptions to import
    A cloud-managed Firebox supports up to 5000 exceptions. There is no maximum limit for aliases.

Duplicate Configuration Data

When you import configuration settings from a locally-managed Firebox, the Import Configuration wizard might detect duplicate settings that exist in both the imported .XML configuration file and the cloud-managed Firebox configuration in WatchGuard Cloud. When this occurs, you must specify what action to take for each type of duplicate setting in the Duplicate Settings section of the wizard.

Duplicate setting detection is not applicable to Dimension servers, syslog servers, and technology integrations.

Screenshot of the Import Configuration UI

The Import Configuration wizard finds duplicate aliases based on the name of the alias.

Merge

Merges the alias members from the imported configuration with the alias members in WatchGuard Cloud.

For example, a local .XML configuration file has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias1, alias2

WatchGuard Cloud configuration has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias3, alias4

Result in WatchGuard Cloud after import:

  • Alias Name: my_alias
  • Alias Members: alias1, alias2, alias3, alias4

Replace

Overwrites the alias in WatchGuard Cloud with the alias from the imported configuration.

For example, a local .XML configuration file has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias1, alias2

WatchGuard Cloud has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias3, alias4

Result in WatchGuard Cloud after import:

  • Alias Name: my_alias
  • Alias Members: alias1, alias2

Keep Both

Keeps both the alias in WatchGuard Cloud and the alias from the imported configuration file. Rename the alias from the imported configuration file to [alias name]+1.

For example, a local .XML configuration file has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias1, alias2

WatchGuard Cloud has these alias settings:

  • Alias Name: my_alias
  • Alias Members: alias3, alias4

Result in WatchGuard Cloud after import:

  • Alias Name: my_alias
  • Alias Members: alias3,alias4
  • Alias Name: my_alias.1
  • Alias Members: alias1, alias2

Skip

Ignores any duplicate aliases. The import process categorizes duplicate aliases as unsupported and does not import them to WatchGuard Cloud.

The Import Configuration wizard finds duplicate exceptions based on the settings that you configure for each type of exception.

Replace

Overwrites the exception in WatchGuard Cloud with the exception from the import.

For example, a local .XML configuration file has these exceptions:

  • Exception Name: my_exception
  • Exception Action: action1

WatchGuard Cloud has these exceptions:

  • Exception Name: my_exception
  • Exception Action: action2

Result in WatchGuard Cloud after import:

  • Exception Name: my_exception
  • Exception Action: action1

Skip

Ignores any duplicate exceptions. The import process categorizes duplicate exceptions as unsupported and does not import them.

Replace

Overwrites the route distance.

For example, a local .XML configuration file has these settings:

  • Network: 192.168.1.100
  • Gateway: 10.0.1.1
  • Route Distance: 1

WatchGuard Cloud has these settings:

  • Network: 192.168.1.100
  • Gateway: 10.0.1.1
  • Route Distance: 2

Result in WatchGuard Cloud after import:

  • Network: 192.168.1.100
  • Gateway: 10.0.1.1
  • Route Distance: 1

Skip

Ignores any duplicate exception. The import process then categorizes the duplicate routes as unsupported and does not import them.

Replace

Overwrites the description of a blocked site in WatchGuard Cloud with the description from the imported configuration file.

For example, a local .XML configuration file has this blocked site:

  • Blocked Site: A_Site.com
  • Description: Website A.

WatchGuard Cloud has this blocked site:

  • Blocked Site: A_Site.com
  • Description: Website B.

Result in WatchGuard Cloud after import:

  • Blocked Site: A_Site.com
  • Description: Website A.

Skip

Ignore any duplicate blocked sites. The import process categorizes the duplicate blocked sites as unsupported and does not import them.

Skip

Ignore any duplicate blocked ports. The import process categorizes the duplicate blocked ports as unsupported and does not import them.

Not Importable Settings

When you use the Import Configuration wizard to import configuration settings from a locally-managed Firebox, the Not Importable tab might show settings that you cannot import because they are not supported.

Screenshot of the Not Importable UI

Not Importable Aliases

Network Interface Reference

Alias that references a network interface.

Nested Alias

Alias member that has a nested alias that WatchGuard Cloud does not support.

For example, my_alias contains my_other_alias as a member type. This is a nested alias. my_other_alias contains a member type that WatchGuard Cloud does not support.

You can import a nested alias if it already exists in the cloud-managed configuration.

Duplicate Alias From a Template

Alias that has the same name as an alias from a template that the cloud-managed Firebox subscribes to.

Not Importable Exceptions

Duplicate Exception From a Template

Exception for the same service and with the same value as an exception from a template that the cloud-managed Firebox subscribes to.

Unsupported Exception Action

Exception that performs an action that WatchGuard Cloud does not support. For example, the spamBlocker Quarantine action is not supported.

Not Importable Routes

Duplicate Routes that are Skipped

Routes that are skipped from the Duplicate Settings page.

Not Importable Blocked Sites

Duplicate Blocked Sites that are Skipped

Blocked sites that are skipped from the Duplicate Settings page.

Duplicate Blocked Sites From a Template

Blocked sites with the same value as a blocked site from a template that the cloud-managed Firebox subscribes to.

Not Importable Blocked Ports

Duplicate Blocked Ports that are Skipped

Blocked ports that are skipped from the Duplicate Settings page.

Duplicate Blocked Ports From a Template

Blocked ports with the same value as a blocked site from a template that the cloud-managed Firebox subscribes to.

Not Importable Aliases

Network Interface Reference

Alias that references a network interface.

Nested Alias

Alias member that has a nested alias that WatchGuard Cloud does not support.

For example, my_alias contains my_other_alias as a member type. This is a nested alias. my_other_alias contains a member type that WatchGuard Cloud does not support.

You can import a nested alias if it already exists in the cloud-managed configuration.

Duplicate Alias From a Template

Alias that has the same name as an alias from a different template on the account.

Not Importable Exceptions

Duplicate Exception From a Template

Exception for the same service and with the same value as an exception from a different template on the account.

Unsupported Exception Action

Exception that performs an action that WatchGuard Cloud does not support. For example, the spamBlocker Quarantine action is not supported.

Not Importable Blocked Sites

Duplicate Blocked Sites From a Template

Blocked sites with the same value as a blocked site from a template that the cloud-managed Firebox subscribes to.

Not Importable Blocked Ports

Duplicate Blocked Ports From a Template

Blocked ports with the same value as a blocked site from a template that the cloud-managed Firebox subscribes to.

When you import configuration settings into a template, the Import Configuration wizard does not search for duplicates across all templates that belong to an account. The duplicates do not show on the Not Importable tab, but they do show on the Finish page after you complete the wizard.

Screenshot of the Finish page

Import Configuration Settings

With the Import Configuration wizard, you can import some configuration settings from a locally-managed Firebox configuration file to a cloud-managed Firebox configuration.

To import configuration settings to a cloud-managed Firebox, from WatchGuard Cloud:

  1. Export and save the .XML configuration file from the locally-managed Firebox you want to import the settings from. For more information, go to Configuration File Requirements.
  2. From WatchGuard Cloud, select Configure > Devices.
  3. Select a cloud-managed Firebox.
  4. Select Device Configuration.
    The Device Configuration page opens. The Import Configuration feature is located in the lower part of the page.

Screenshot of the Device Configuration page

  1. Click Import Configuration.
    The Import Configuration wizard opens.

Screenshot of the Import Configuration wizard

  1. Drag a configuration file you saved from a locally-managed Firebox (.XML format) to the file upload box.
    You can also click the box to browse and select the configuration file.
  2. If the wizard finds duplicate settings, the Duplicate Settings section opens. From the drop-down lists, select the action to take for each duplicate item. For more information, go to Duplicate Configuration Data.

Screenshot of the Duplicate Settings page

  1. Click Next.
    The Aliases page opens.

Screenshot of the Aliases page

  1. From the Importable tab, select the check box next to each alias to import. The page shows the number of aliases available for import and the number of aliases found in the configuration file.

Some data is not available for import because it might be reserved for use by the Firebox, such as a default alias. The Not Importable tab shows items that WatchGuard Cloud cannot import. For more information, go to the Not Importable Settings section of this topic.

  1. Click Next.
    The Exceptions page opens.

Screenshot of the Exceptions page

  1. From the Importable tab, select the check box next to each exception to import. The page shows the number of exceptions available for import and the number of exceptions found in the configuration file.
  2. Click Next.
    The Routes page opens.

Screenshot of the Routes page

You cannot import routes into a template.

  1. Select the check box next to each route to import. The page shows the number of routes available for import and the routing distance found in the configuration file.
  2. Click Next.
    The Blocked Ports page opens.

Screenshot of the Blocked Ports page

  1. Select the check box next to each blocked port to import. The page shows the number of blocked ports available for import in the configuration file.
  2. Click Next.
    The Blocked Sites page opens.

Screenshot of the Blocked Sites page

  1. Select the check box next to each blocked site to import. The page shows the number of blocked sites available for import and their description in the configuration file.
  2. Click Next.
    The Dimension Servers page opens and shows the Dimension Servers on the cloud-managed Firebox.

Screenshot of Dimension Servers page

  1. (Optional) Click Select Server to change the list of Dimension servers.
    A dialog box opens that shows you the list of available Dimension servers. The list shows servers from both the import file and the cloud-managed configuration.

    Screenshot of the Dimension Servers dialog box
    1. Select the check box next to two Dimension servers that you want to use with WatchGuard Cloud. You can only select up to two Dimension servers from the list.
    2. Click OK.
      The Dimension Servers page opens.
  1. Click and drag the Dimension servers to prioritize them in the list. You can prioritize up to two Dimension servers.

Screenshot of the Dimension Servers page

  1. Click Next.
    The Syslog Servers page opens. The list of servers includes both syslog servers from the import file and syslog servers from the cloud-managed configuration. You can select up to three syslog servers.

Screenshot of the Syslog Servers page

  1. Select the check box next to each syslog server that you want to use with WatchGuard Cloud.
  2. Click Next.
    The Technology Integrations page opens.

When you import a technology integration, it replaces an existing technology integration of the same type. For more information, go to About Firebox Technology Integrations.

Screenshot of Technology Integrations page

  1. Select the check box next to each technology integration to import.
  2. Click Next.
    The Finish page opens.

Screenshot of Finish page

  1. Review the settings to import. Click Finish.
    The Upload in Progress bar indicates the status of the import process.

Screenshot of the Upload in Progress bar

  1. Deploy any changes to WatchGuard Cloud.

Screenshot of the Device Configuration page

After you deploy any changes, imported settings show in WatchGuard Cloud on the Device Configuration page. From this page, you can click the relevant tiles to edit or delete the settings that you imported.

If you want to import configuration settings from a locally-managed Firebox to multiple cloud-managed Fireboxes, you can add or edit a Firebox template. The Import Configuration wizard is available from a Firebox template. For more information, go to About Firebox Templates.
If you use a template to import settings, you must also use the template to edit or delete the settings after import. You cannot import routes into a template.

Related Topics

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add Exceptions in WatchGuard Cloud

Configure Firebox Aliases