Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Transferring configuration to a replacement SSG firewall

    Posted 08-11-2009 08:45

    What is needed to transfer complete configuration from one SSG140 (A) to another SSG140 (B)?   They have identical os versions and the goal is to physically replace A with B.

     

    Obviously I need to export and load the configuration data.

    I will also need to generate new SSL Certificate for the firewall (B).

     

    What about preshared keys that were entered in (A). Will they transfer with the configuration (as their "hashes" are there) or do I need to re-enter them?



  • 2.  RE: Transferring configuration to a replacement SSG firewall
    Best Answer

    Posted 08-11-2009 08:58
    the preshared keys for the vpns will still work fine.


  • 3.  RE: Transferring configuration to a replacement SSG firewall

    Posted 08-12-2009 06:08
    Indeed, I just tested it and the VPN tunnels work fine with the configuration copied from one router to another - no need to reenter preshared keys.


  • 4.  RE: Transferring configuration to a replacement SSG firewall

    Posted 08-11-2009 10:11
    I imagine you have to do high availability. Through web, download the config file from A and upload it in B. If you want to have both appliances working at the same time before uploading the config file to B change the manage-ip in it in order to manage the secondary.