RE: [fw-wiz] ISA Firewall Config Transfer

From: Thomas W Shinder (tshinder_at_starblazer.tzo.com)
Date: 10/25/03

  • Next message: Melson, Paul: "[fw-wiz] Odd PIX / router behavior"
    To: "Bruce Smith" <bruce_the_loon@worldonline.co.za>, <firewall-wizards@honor.icsalabs.com>
    Date: Sat, 25 Oct 2003 08:20:47 -0500
    
    

    Hi Bruce,

    Go to www.isatools.org and get the Import/export script.

    HTH,
    Tom
    www.isaserver.org/shinder
     

    -----Original Message-----
    From: Bruce Smith [mailto:bruce_the_loon@worldonline.co.za]
    Sent: Friday, October 24, 2003 3:35 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] ISA Firewall Config Transfer

    Hi all

    This is a request for comments and opinions, not for assistance as such.

    According to MS and most of the resources out there, it is supposed to
    be impossible to back up a Microsoft ISA server's running config and
    transfer it to another ISA. Naturally this is a pain in the *** when it
    comes to upgrading to new servers.

    Our team has found what might be a way around this. When ISA is
    installed and configured, most of the settings are kept in the registry
    in key HKLM/Software/Microsoft/FPC and this key tree can be exported
    from the registry on the running ISA without a problem. Importing it
    onto another ISA causes trouble because there are two keys,
    CurrentArrayGUID and CurrentServerGUID that are unique to the instance
    of ISA. By finding these two values on the new ISA instance and doing a
    find/replace on the exported reg file, as well as a find/replace on the
    name of the server, we should end up with a reg key import file that
    will work on the new instance.

    While we haven't managed to test a full reg key import, we have
    successfully imported our policy elements and access rules from an
    existing ISA into a new instance with only one problem, the destination
    sets. With a little more work, we should be able to solve this as well.

    Our plan is to eventually build a tool that will take all the required
    keys across as necessary and be able to replicate an ISA instance to a
    new machine without requiring a system state restore.

    Please feel free to make any comments/statements/suggestions on the
    information presented.

    Bruce Smith
    Internet Services Administrator

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
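
The find/replace step described in Bruce's message, sketched as an added example that is not part of the original thread or any ISA tool. It assumes the two GUIDs appear in the export as string values of the form `"CurrentArrayGUID"="{...}"`; the sample exports, the `ExampleSubkey` path, the value names under it and the host names are constructed for illustration.

```python
import re

GUID_NAMES = ("CurrentArrayGUID", "CurrentServerGUID")  # names from the post
GUID_RE = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Constructed sample exports. Real regedit "Version 5.00" files are UTF-16
# with a BOM, so read and write them with encoding="utf-16".
SRC = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FPC]
"CurrentArrayGUID"="{A1111111-1111-1111-1111-111111111111}"
"CurrentServerGUID"="{B2222222-2222-2222-2222-222222222222}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FPC\ExampleSubkey\{a1111111-1111-1111-1111-111111111111}]
"ExampleName"="OLDISA"
"ExamplePeer"="OLDISA2"
'''
DST = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FPC]
"CurrentArrayGUID"="{C3333333-3333-3333-3333-333333333333}"
"CurrentServerGUID"="{D4444444-4444-4444-4444-444444444444}"
'''

def read_guid(reg_text, name):
    """Return the GUID stored as "name"="{...}" (assumed layout)."""
    m = re.search(r'^"%s"="(%s)"\s*$' % (re.escape(name), GUID_RE),
                  reg_text, re.M | re.I)
    if not m:
        raise ValueError("%s not found in export" % name)
    return m.group(1)

def retarget(src_text, dst_text, old_server, new_server):
    """Rewrite the source export with the destination's GUIDs and host name.

    Returns (new_text, counts); counts maps each old value (lowercased)
    to the number of places it was replaced, for review before import.
    """
    mapping = {read_guid(src_text, n).lower(): read_guid(dst_text, n)
               for n in GUID_NAMES}
    guids = "|".join(re.escape(g) for g in mapping)
    # Whole-name match only, so OLDISA is not rewritten inside OLDISA2.
    host = r"(?<![\w-])" + re.escape(old_server) + r"(?![\w-])"
    mapping[old_server.lower()] = new_server
    counts = {}
    def swap(m):
        key = m.group(0).lower()
        counts[key] = counts.get(key, 0) + 1
        return mapping[key]
    # One pass over the text, so a replacement is never itself re-scanned.
    return re.sub(guids + "|" + host, swap, src_text, flags=re.I), counts
```

Reviewing the returned counts against a diff of the rewritten file shows every place the old instance's identity was embedded, including key paths that differ only in letter case.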


