Saturday, October 12, 2013

3120 Firewall upgrade part II

The upgrade issue I mentioned in a previous post turns out to be "expected behavior" according to Kerio.

To save you the time of reading that, what happens when you import from another export is that you do NOT get the interfaces set correctly at all.

Well, I'm a bit disappointed in that.  Yes, I understand it's difficult to know what interfaces should belong to what.  That's a given - I would not expect that ports on a 3120 hardware appliance would match up with the NIC cards on a Windows export, but I do think they could do better than just ignore everything.

That's what happens - no IP address information is imported.  OK, no big deal, you just have to do that part manually.   But why?

The interfaces have names.  WAN, LAN, maybe WAN2, maybe LAN2 or whatever.  Why not just bring those names in with their IP info and attach them to ports arbitrarily?  Then all you'd need to do is adjust the port assignments.

So in this section of winroute.cfg, obviously the "Id" can't be accepted on import - but Name can and so can the IP information - why throw it away?

    <variable name="Id">\DEVICE\{FE8BB26F-4D42-46AE-AC60-25487EF37DD1}</variable>
    <variable name="EthId">/device/eth/{00-0c-29-a9-f3-c4}</variable>
    <variable name="RasId">/device/ppp/101</variable>
    <variable name="Name">LAN</variable>
    <variable name="Medium">0</variable>
    <variable name="Group">Trusted</variable>
    <variable name="Enabled">1</variable>
    <variable name="Stp">0</variable>
    <variable name="MtuOverride">0</variable>
    <variable name="Encapsulation">Native</variable>
    <variable name="IPv4Enabled">1</variable>
    <variable name="Mode">Manual</variable>
    <variable name="IPAddress">172.16.102.160</variable>
    <variable name="Mask">255.255.255.0</variable>

Oh, well, that explains my confusion though.  I thought the import was broken and I was right, except they expect it to break!
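Since the interface settings have to be re-entered by hand after the import, a small script can pull the portable fields (Name, Group, Mode, IP, Mask) out of the old winroute.cfg and leave the hardware-specific Id and EthId behind. This is an added example, not Kerio's code or part of the original post; it assumes each interface record starts with its "Id" variable, and the second record in the sample is constructed.

```python
import ipaddress
import re

VAR_RE = re.compile(r'<variable name="([^"]+)">(.*?)</variable>')

# Constructed sample: the first record is the one quoted in the post (trimmed),
# the second is made up for illustration.
SAMPLE = r'''
    <variable name="Id">\DEVICE\{FE8BB26F-4D42-46AE-AC60-25487EF37DD1}</variable>
    <variable name="EthId">/device/eth/{00-0c-29-a9-f3-c4}</variable>
    <variable name="Name">LAN</variable>
    <variable name="Group">Trusted</variable>
    <variable name="Enabled">1</variable>
    <variable name="Mode">Manual</variable>
    <variable name="IPAddress">172.16.102.160</variable>
    <variable name="Mask">255.255.255.0</variable>
    <variable name="Id">\DEVICE\{00000000-0000-0000-0000-000000000002}</variable>
    <variable name="Name">LAN2</variable>
    <variable name="Group">Trusted</variable>
    <variable name="Enabled">0</variable>
    <variable name="Mode">Manual</variable>
    <variable name="IPAddress">172.16.103.1</variable>
    <variable name="Mask">255.255.255.128</variable>
'''

def parse_interfaces(text):
    """Group <variable> entries into one dict per interface.
    Assumption: every interface record begins with its "Id" variable."""
    records, current = [], None
    for name, value in VAR_RE.findall(text):
        if name == "Id":
            current = {}
            records.append(current)
        if current is not None:
            current[name] = value
    return records

def worksheet(records):
    """Keep only the portable fields; Id/EthId are tied to the old hardware."""
    rows = []
    for r in records:
        addr = None
        if r.get("IPAddress") and r.get("Mask"):
            addr = str(ipaddress.ip_interface(f"{r['IPAddress']}/{r['Mask']}"))
        rows.append({"name": r.get("Name"), "group": r.get("Group"),
                     "mode": r.get("Mode"), "enabled": r.get("Enabled") == "1",
                     "address": addr})
    return rows

if __name__ == "__main__":
    for row in worksheet(parse_interfaces(SAMPLE)):
        print(row)
```

Checking the resulting list against the new appliance after the import confirms that each interface landed in the intended group (for example Trusted) with the intended address before traffic rules depend on it.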
