WebAdmin: Export / Import of Network Definitions
Make it possible to export and import lists of definitions - especially host definitions.
especially for great migrations to SOPHOS UTM it is very, very helpful you can import and export definitions AND rules, made bei a notepad editor bevore. It is a time eater to tipping more than 300 objects and 200 rules into the SOPHOS Appliance. Great idea to include this feature.
An export / IMPORT of ALL Definitions (network, Services, Time periods, etc) to a txt, gz, zip etc file would be great. Lots of us use a txt editor, VI comes to mind. Great to be able to save output from that and import to your appliance.
I agree; being able to import list(s) of IP's would be handy. From a services level there is a lot of IP's that need to be blocked. Manual adds are just too tedious.
Lutz Herzog commented
Very much needed. It is a pain in the a** to create more than a dozen objects in that web gui. it is sad, that it's not even possible to export/import from one asg box to an other - always the full backup hast to be restored. there should really be a way of exporting some parts of the config and restore in in the other box. never did a floating migration??
I think that would be a nice feature for companies with large infrastructure
Patrick Ruch commented
i agree to Andreas and Karim. We need the possibility in several projects to export objects from an ASG to import them into the ACC !
I've just been asked to add 750 network defs to our firewall :(
Even more painful without nested groups.
Karim Christian Kronfli commented
Now that we have the ability to push definitions from an ACC it would be nice to be able to pull them from an already configured ASG, as you usually configure an ASG first before setting up an ACC.
Clayton Dillard commented
This is very much needed. There are thousands of hosts that could be made into individual lists for things like "Known RBN Hosts", "Known Spam Hosts", etc. Adding all of these by hand is a mess.
Bob Alfson commented
With V7.4 and later, it seems to me that this approach is no longer necessary. Commtouch does a great job of tracking IP reputations.
Hearty agreement. For those SMTP users who want to implement IP ranges for blacklisting, this would be a huge boon. Similar to the SendMail "w.x.y.z - a.b.c.d REJECT" lines in the .cf files.
Karim Christian Kronfli commented
This is just what I am looking for and as an additional option if we could host those definitions on the ACC and push them out to individual and or all the ASGs so we could make a change in one place rather than dozens
Poul Petersen commented
This is sort of complementary to the idea over on the ACC features of being able to centrally manage settings from ACC. But I can see how being able to do both central management from ACC *and* being able to export/import settings could be beneficial under different circumstances - say as a contractor building up ASGs for end users where you wouldn't be able to centrally manage all of them.
At a customer I have built up lists of almost thousand host definitions. Then the customer have several locations that should have the same set of host definitions.
If I could export the host definitions of one Astaro and import to the others this would make the initial job and future updates much faster.
What I do today is to do a full config-backup and set it up at the other location and then alter the settings that should be changed (name/ip and some other). But import/export would be much faster and more easy.
Alternatively you could choose what to import when importing a backup. E.g. choose to only import definitions and packet-filter rules - not other settings such as IP/name and other.