Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1765
Views
0
Helpful
2
Replies

Migrating complete setup of virtual ESA and SMA to physical appliances

REJR77
Level 1
Level 1

‎12-16-2016 08:01 AM

Hello,

We are running 2 virtual ESA and 1 Virtual SMA.

We think about migrating to physical appliances.

What would be the best way to "migrate" " copy" the configuration of the ESA and SMA to the physical one?

We use several Quarantines on the SMA

Thank you

Regards

Labels:
0 Helpful
2 Replies 2

Libin Varghese
Cisco Employee
Cisco Employee

‎12-16-2016 10:18 AM

Hi Romain,

Yes, the configuration file with unmasked password of the virtual devices can be imported to the physical devices as long as the Async OS releases match on both.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117841-technote-esareplace-00.html

You can also use "backupconfig" on the SMA to transfer data with matching Async OS again and enough storage space available.

This operation can be only be accomplished on a Cisco Security Management Appliance (SMA).

If your ESA is replaced for any reason, there is not a current capability to transfer tracking or reporting data from the old ESA to the new ESA. Only a configuration can be copied from one ESA to another.

Regards,
Libin

0 Helpful

dmccabej
Cisco Employee
Cisco Employee

‎12-17-2016 08:50 PM

Hello,

The most efficient way of copying the configuration from one ESA to another would be to create a cluster, with the primary caveat being that all ESA's need to be running the same ASyncOS. Once the new physical ESA has been clustered with the virtual/s, it can then be removed from the cluster if need be and it will still be holding the necessary copy of the configuration.

The SMA is a bit trickier since there is no clustering mechanism, however, as stated you can use the backupconfig command to transfer your Quarantine/Tracking/Reporting/SLBL data to another SMA. Keep in mind backupconfig will not transfer the actual configuration of the SMA. That would need to be done separately via an Export/Import of the configuration (plain passwords) from one SMA to the other (running same ASyncOS). Chances are even with them being on the same ASyncOS you will run into issues with importing the configuration from a virtual SMA to a physical SMA due to the hardware differences, but it can be done with some modification. It may just be easiest to manually mirror the configuration on the new SMA since there's really not that much to setup.

More info on the requirements and setup of these below :

Performing A Backup On The SMA

ESA Cluster Requirements And Setup

Thanks!

-Dennis M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents