Upgrade/replace ISA2006 std with ent (Full Version)

All Forums >> [ISA 2006 General] >> Installation and Planning


allybee -> Upgrade/replace ISA2006 std with ent (11.Aug.2008 6:38:57 AM)

this forum helped me so many times that I hope to find solution for me new problem too :)
Due to the licensing issues (Microsoft Partner Program) I need to replace my current ISA2006 Standard with Enterprise edition. Does anyone have a solid upgrade/replace procedure?
Another question is if I will be willing to build additional ISA2006 Ent for NLB/fault tolerance do I need separate NIC for cluster communication? Is it something I should do during the replace of std to ent or can I do it later on?

Thanks, Marcin

zuhair.attya -> RE: Upgrade/replace ISA2006 std with ent (11.Aug.2008 8:29:25 AM)

I can't find an easiest way to upgrade other than exporting the rules and importing them after installation.

but I can asnwer your question regarding NLB... you can depend on the Internal NIC's for replication between the CSS's assuming you have them on the same box of the firewall "isa firewall"... however it is much better to have a seperate NIC's for replication connected to each other, from real life experience... the replication is much faster..

allybee -> RE: Upgrade/replace ISA2006 std with ent (18.Aug.2008 1:39:58 PM)

Thanks for the answer,
can I export also system policy and import it to the enterprise edition just like the rules ?
Should I first use a wizard to create 3-Leg scenario and then import firewall rules?

Thanks, Marcin

allybee -> RE: Upgrade/replace ISA2006 std with ent (20.Aug.2008 2:51:42 PM)

Hello again,

unfortunatelly that doesn't work. All I get is the error message that I cannot import data from Standard Edition to an Enterprise Edition. I tried this even with exporting/importing parts of config like network objects, networks, etc. Each time it fails :((
So it seems that I will need a weekend night to recreate a config with 200+ rules, 50+ custom protocols and 250+ network objects - which is BAD :(

gbarnas -> RE: Upgrade/replace ISA2006 std with ent (20.Aug.2008 3:25:19 PM)

If you have both standard and enterprise servers available, export one rule from each. There is one more XML tag line in the enterprise than in the standard. Exporting a single rule should make it easy to compare the two - the extra line will stand out as it's an extra level of indent in the XML file.

If you ADD that line (and corresponding close tag lien) to a Standard export, you can import it into Enterprise. Likewise, if you remove those lines, you can import from Enterprise into standard. I've done several Std to EE migrations this way and its been a lifesaver.


allybee -> RE: Upgrade/replace ISA2006 std with ent (20.Aug.2008 3:35:50 PM)

Thanks !
I will try that for sure. So in other words I would need to export/import all rules one-by-one or just find out that change using one rule export and compare and I could apply this to the whole big config and then import changed one on EE?

Thanks, Marcin

elmajdal -> RE: Upgrade/replace ISA2006 std with ent (20.Aug.2008 4:31:53 PM)


Check these articles :

Offline Rule Bases and Objects

Exporting and Importing Troublesome ISA Server Rule bases from 2004 to 2006

More on Exporting ISA objects to and from 2000, 2004, 2006


gbarnas -> RE: Upgrade/replace ISA2006 std with ent (21.Aug.2008 11:53:55 AM)

No - I only suggested that you export one rule from EACH server to quickly spot the one difference between them without wading through lots of text.

Once you know what's missing, you can export the full set, add the XML lines to the top and bottom of the data and you're good to go.

It's about learning what's different using a minimal data set. Its one thing to read an article, but its that first-hand experimenting that tends to make the light-bulb over your head go on more quickly, and certainly brighter. ;)


Page: [1]