Welcome to ISAserver.org

Been gone too long... need help to import

Been gone too long... need help to import - 3.Jun.2008 2:20:16 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Hey guys,
I've been away too long... life and work getting in the way...

I'm hoping for some help to export a whole bunch of rules and elements from one ISA 2K4SE server to another 2K4SE.  Both are production machines but not sure if they are the same SP level.  To make a long story short, I got a new boss and the ISA server at his old place put mine to shame.  Now he wants me to make mine like his.

All the tutorials I've found are about migrating from one version of ISA to another or about importing lists with scripts.  Could someone point me towards some pertinent reading?

Thanks,

Les

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
Post #: 1
RE: Been gone too long... need help to import - 3.Jun.2008 6:25:00 PM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Welcome back, one of the old skool chaps

You should be able to do this with the native import/export utilities in the GUI if they are the same version and edition. Otherwise check out the scripts at www.isatools.org

Cheers

JJ

_____________________________

Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to LLigetfa)
Post #: 2
RE: Been gone too long... need help to import - 5.Jun.2008 11:31:52 AM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
old skool... ja, that's me.  thanks for the welcome

The boss exported all his rule elements to separate xml files and I compared some of his to mine.  There are all these CLSID lines that appear to be unique.  I read somewhere that if I created an empty rule element of same name, purpose, etc, and then copy paste only the strings section from his to mine, that it would be the safe way to go.

Do I need to go through all that?  The thing is that his ISA server is on the other side of the continent in a different subnet and in a different OU so I don't want elements specific to his.  Also, his is only a single NIC implementation whereas mine has two NICs configured as a firewall.  I'm hesitant to simply import his export unmodified.

I looked around on isascripts.org but didn't find anything specific to migrating rule elements.

(in reply to Jason Jones)
Post #: 3
RE: Been gone too long... need help to import - 5.Jun.2008 12:38:24 PM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
If his setup is so different, why are you trying to use it? What is it about his config that you actually need if the setups are different?

When you do the imports, you have an option to include or exclude server specific information, this may be the missing link for you...

(in reply to LLigetfa)
Post #: 4
RE: Been gone too long... need help to import - 5.Jun.2008 8:09:33 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

ORIGINAL: Jason Jones

If his setup is so different, why are you trying to use it?

Um... cuz he's my boss and he told me to.

My ISA is a simple setup with no blacklists.  His has a dozen rule elements with thousands of blacklisted URLs, domains, IPs, etc.

(in reply to Jason Jones)
Post #: 5
RE: Been gone too long... need help to import - 6.Jun.2008 6:05:43 AM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
So....why not just import his firewall rules as opposed to the whole config? All of the necessary objects (blacklists etc) will come across with the rules imports.

Am I missing something here?

(in reply to LLigetfa)
Post #: 6
RE: Been gone too long... need help to import - 6.Jun.2008 9:41:11 AM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I never said anything about importing his entire config.  I wouldn't even consider importing his entire rule base.  It's just the rule elements he told me to import. Just don't know if I should do a straight import or copy/paste the strings sections.  I can hand-job the rules after I get the elements all sorted.  I don't understand how those CLSID sections in the xml files work.

My ISA server is in production and I cannot afford to have it go down.  It isn't used as a real firewall on the edge but rather as a dual NIC proxy behind a Cisco router that is ill configured and out of my jurisdiction.  If I reboot my ISA server it screws up their BGP tables on the Cisco and they have to reset it dropping all the non-ISA sessions in the process.  It's a 24/7/363 operation.

(in reply to Jason Jones)
Post #: 7
RE: Been gone too long... need help to import - 6.Jun.2008 10:19:40 AM   
Jason Jones

 

Posts: 1801
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
I import rules from one customer to another customer and from one array to other arrays in the same Enterprise quite a lot and rarely (if ever) hit issues. I also often prep rules in my VPC and then import when I have setup the core config when onsite. Maybe you could do the same and test the rules before applying them into production?

I would be pretty confident using the native import feature as this is much less likely to go wrong than messing about with XML files.

Sorry,  I wasn't really sure what you were asking and your "I got a new boss and the ISA server at his old place put mine to shame.  Now he want me to make mine like his." statement sounded like you were talking about the entire system.

Hope you get it sorted...

Cheers

JJ

(in reply to LLigetfa)
Post #: 8
RE: Been gone too long... need help to import - 6.Jun.2008 11:43:23 AM   
elmajdal

 

Posts: 4959
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi LLi,

How's the M0n0Wall Firewall with you, still working on it?

You can export rules from an ISA server and import them into another one safely, just make sure that you are importing files that are exported from the same version, that is Standard to Standard edition, or Enterprise to Enterprise.

Personally I always prefer to export rules (each by itself) and then send these rule(s) to a friend so that they can import these rule(s) into their ISA Server.

If you want to export from SE to EE, then you will need to read these articles:

Offline Rule Bases and Objects

Exporting and Importing Troublesome ISA Server Rule bases from 2004 to 2006

More on Exporting ISA objects to and from 2000, 2004, 2006

HTH,
Tarek

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to LLigetfa)
Post #: 9
RE: Been gone too long... need help to import - 6.Jun.2008 8:00:45 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Eh Tarek, so you're a mod now.  Ja, still using m0n0wall on my wireless hotspot.

Thanks for the assurances that I can do a straight import of the rule elements.  I'm not going to import the rules though.  Will hand-job those.

I'm not seeing much talk here about Forefront.  Is it a dirty word or are you going to spin off a new website for it?

(in reply to elmajdal)
Post #: 10
RE: Been gone too long... need help to import - 7.Jun.2008 2:10:21 AM   
elmajdal

 

Posts: 4959
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hey LL,

Yah, a mod and an MVP

You're welcome.

Do you mean Threat Management Gateway? Yesterday was the launch for the forums: http://forums.isaserver.org/forumid_8034/tt.htm and it's still in Beta one, so there are few things to talk about

Tom already has two articles on it:

Creating a Web Access Policy using the Forefront Threat Management Gateway (TMG) Beta 1 (Part 1)

Creating a Web Access Policy using the Forefront Threat Management Gateway (TMG) Beta 1 (Part 2)

Installing the Forefront Threat Management Gateway (Forefront TMG) Beta 1


Take care.

(in reply to LLigetfa)
Post #: 11
