Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Upgrade/replace ISA2006 std with ent

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> Upgrade/replace ISA2006 std with ent Page: [1]
Login
Message << Older Topic   Newer Topic >>
Upgrade/replace ISA2006 std with ent - 11.Aug.2008 6:38:57 AM   
allybee

 

Posts: 17
Joined: 19.Apr.2008
Status: offline 		Hello,
this forum helped me so many times that I hope to find solution for me new problem too :)
Due to the licensing issues (Microsoft Partner Program) I need to replace my current ISA2006 Standard with Enterprise edition. Does anyone have a solid upgrade/replace procedure?
Another question is if I will be willing to build additional ISA2006 Ent for NLB/fault tolerance do I need separate NIC for cluster communication? Is it something I should do during the replace of std to ent or can I do it later on?

Thanks, Marcin
Post #: 1
RE: Upgrade/replace ISA2006 std with ent - 11.Aug.2008 8:29:25 AM   
zuhair.attya

 

Posts: 11
Joined: 3.Mar.2008
Status: offline 		dude,
I can't find an easiest way to upgrade other than exporting the rules and importing them after installation.

but I can asnwer your question regarding NLB... you can depend on the Internal NIC's for replication between the CSS's assuming you have them on the same box of the firewall "isa firewall"... however it is much better to have a seperate NIC's for replication connected to each other, from real life experience... the replication is much faster..



_____________________________

Zulu

(in reply to allybee)
Post #: 2
RE: Upgrade/replace ISA2006 std with ent - 18.Aug.2008 1:39:58 PM   
allybee

 

Posts: 17
Joined: 19.Apr.2008
Status: offline 		Thanks for the answer,
can I export also system policy and import it to the enterprise edition just like the rules ?
Should I first use a wizard to create 3-Leg scenario and then import firewall rules?

Thanks, Marcin

(in reply to zuhair.attya)
Post #: 3
RE: Upgrade/replace ISA2006 std with ent - 20.Aug.2008 2:51:42 PM   
allybee

 

Posts: 17
Joined: 19.Apr.2008
Status: offline 		Hello again,

unfortunatelly that doesn't work. All I get is the error message that I cannot import data from Standard Edition to an Enterprise Edition. I tried this even with exporting/importing parts of config like network objects, networks, etc. Each time it fails :((
So it seems that I will need a weekend night to recreate a config with 200+ rules, 50+ custom protocols and 250+ network objects - which is BAD :(

(in reply to zuhair.attya)
Post #: 4
RE: Upgrade/replace ISA2006 std with ent - 20.Aug.2008 3:25:19 PM   
gbarnas

 

Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline 		If you have both standard and enterprise servers available, export one rule from each. There is one more XML tag line in the enterprise than in the standard. Exporting a single rule should make it easy to compare the two - the extra line will stand out as it's an extra level of indent in the XML file.

If you ADD that line (and corresponding close tag lien) to a Standard export, you can import it into Enterprise. Likewise, if you remove those lines, you can import from Enterprise into standard. I've done several Std to EE migrations this way and its been a lifesaver.

Glenn

(in reply to allybee)
Post #: 5
RE: Upgrade/replace ISA2006 std with ent - 20.Aug.2008 3:35:50 PM   
allybee

 

Posts: 17
Joined: 19.Apr.2008
Status: offline 		Thanks !
I will try that for sure. So in other words I would need to export/import all rules one-by-one or just find out that change using one rule export and compare and I could apply this to the whole big config and then import changed one on EE?

Thanks, Marcin

(in reply to gbarnas)
Post #: 6
RE: Upgrade/replace ISA2006 std with ent - 20.Aug.2008 4:31:53 PM   
elmajdal

 

Posts: 5061
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Hi,


Check these articles :


Offline Rule Bases and Objects

Exporting and Importing Troublesome ISA Server Rule bases from 2004 to 2006

More on Exporting ISA objects to and from 2000, 2004, 2006

HTH,
Tarek



_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to allybee)
Post #: 7
RE: Upgrade/replace ISA2006 std with ent - 21.Aug.2008 11:53:55 AM   
gbarnas

 

Posts: 147
Joined: 27.Apr.2005
From: New Jersey
Status: offline 		No - I only suggested that you export one rule from EACH server to quickly spot the one difference between them without wading through lots of text.

Once you know what's missing, you can export the full set, add the XML lines to the top and bottom of the data and you're good to go.

It's about learning what's different using a minimal data set. Its one thing to read an article, but its that first-hand experimenting that tends to make the light-bulb over your head go on more quickly, and certainly brighter. ;)

Glenn

(in reply to allybee)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> Upgrade/replace ISA2006 std with ent Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts