Easy migration to Sophos XG firewall

Migrating firewall systems between two different vendors can take a loooooooong time. In this case, I needed to migrate to a Sophos XG system. Most of the work is to reconfigure definitions like hosts-, network- and service-objects. There is a way, where you can import XML config files into the Sophos XG. We found this out, as we exported “IPHost” as a selective configuration:

Sophos XG export xml configuration to tar

you will get a .tar file. Open this .tar file with 7-Zip and go into the “.”-dot folder. There you will find an Entities.xml, open it and you can see some definitions. I already filled in some variables (##number##) for our later XML conversion. There are net definitions:

<IPHost transactionid="">
  <Name>##1##</Name>
  <IPFamily>IPv4</IPFamily>
  <HostType>Network</HostType>
  <IPAddress>##2##</IPAddress>
  <Subnet>##3##</Subnet>
</IPHost>

hosts definitions:

<IPHost transactionid="">
  <Name>##1##</Name>
  <IPFamily>IPv4</IPFamily>
  <HostType>IP</HostType>
  <IPAddress>##2##</IPAddress>
</IPHost>

and service definitions:

<Services transactionid="">
  <Name>##1##</Name>
  <Type>TCPorUDP</Type>
  <ServiceDetails>
    <ServiceDetail>
      <SourcePort>1:65535</SourcePort>
      <DestinationPort>##3##</DestinationPort>
      <Protocol>##2##</Protocol>
    </ServiceDetail>
  </ServiceDetails>
</Services>

with this information and a documented or exported csv sheet, we can migrate this csv file to a perfect xml import file for our Sophos XG firewall (look at the possibilities from your source firewall system, maybe you can copy a list into Excel, delete every unnecessary things and convert it to a csv file like I did). I used the CSV to XML converter from freeformatter.com to built my new xml file (thanks for this!). Example csv for hosts:

pc-mister-bob;192.168.10.5
pc-mister-carl;192.168.10.54

example for networks:

wlan-guests;192.168.250.0;255.255.255.0
wlan-internal;172.16.54.0;255.255.255.0

example for services:

pcANYWHERE-data;tcp;5631
pcANYWHERE-stat;udp;5632

so the converter will convert the csv, delimited by semicolon and will put each line in a new xml format. Just copy your csv and your xml template into the site, choose semicolon as the delimiter like I did and click on “convert csv to xml”:

CSV to XML converter

copy only the definitions from the output (Example:)

<IPHost transactionid="">
     <Name>wlan-guests</Name>
     <IPFamily>IPv4</IPFamily>
     <HostType>Network</HostType>
     <IPAddress>192.168.250.0</IPAddress>
     <Subnet>255.255.255.0</Subnet>
  </IPHost>
  <IPHost transactionid="">
     <Name>wlan-internal</Name>
     <IPFamily>IPv4</IPFamily>
     <HostType>Network</HostType>
     <IPAddress>172.16.54.0</IPAddress>
     <Subnet>255.255.255.0</Subnet>
  </IPHost>

open the extracted Entities.xml and copy it between this lines:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration APIVersion="1702.1" IPS_CAT_VER="1">

and

</Configuration>

after this, save the xml file and copy it back to the .tar file. Now you can import the file into the XG and your new definitions are migrated easily. If you have many definitions, only import 100 definitions at one time (I had this also on a Sophos XG 650 device).

 

Feel free to ask in the comments. Have a nice day!

 

 

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.