Requirements/Limitations

• All the configuration items referenced in the VPM should have the same name on both the devices. i.e. Authentication realm names, Keyrings, Forwarding Hosts etc. If not, a reference error will occur when installing the policy. Also, if there are any user defined exceptions used, it is essential that they are copied from one Edge SWG (ProxySG) to another so that the policy gets installed
  To transfer the configuration from one Edge SWG (ProxySG) to another you need to complete the following steps. They are be done in order and each step contains a link to the KB Article with step-by-step instructions to complete that particular task: Article 165985 for more information.
• Entire VPM will be copied over to the second Edge SWG (ProxySG) and will replace the existing VPM configuration. There is no option to do partial copy.
  Make sure to take an expanded backup of the second Edge SWG (ProxySG) before performing this to allow a restoration if something goes wrong.
  Backup can be taken by accessing https://proxy-ip:8082/archconf_expanded.txt 
• SGOS version of the Edge SWG (ProxySG) should be same or within the same sub branch to avoid any deprecation error while restoring.
• Since the steps below involve dealing with XML file, it is recommended to use an advanced text editor like Notepad++ incase the file needs to be saved before restoring on the second Edge SWG (ProxySG). Also use the same editor to save the backup taken. Usage of windows default Notepad application, Microsoft Word when dealing with configuration backup is not advised.

Overall view on steps being performed

In Edge SWG (ProxySG), Visual Policy Manager (VPM) provides an easy graphical interface for creating layers and rules within. VPM consists of 2 components, VPM-XML and VPM-CPL. VPM-XML is the look and feel one will experience when you open the Visual Policy Manager. This holds the information on the layers, their order, all objects created, VPM policy based category lists etc. VPM-CPL is the policy file which automatically gets generated when we click on Install button within the VPM. Steps we are going to follow is to copy only the VPM-XML file of the first Edge SWG (ProxySG) to the second one. As VPM-CPL is generated every time the Install button is clicked, there is no need to copy this to the second Edge SWG (ProxySG).

Steps to replicate the VPM

Note: For ease of reference, the source Edge SWG (ProxySG) is termed as Proxy-1 and the destination as Proxy-2

1. Launch the web console of the Proxy-1 and navigate to Configuration [Tab] > Policy > Policy Files > Visual Policy Files [Tab]

2. Select Text Editor from the drop down menu against the Install VPM-XML from: and click Install

3. From the new window, copy the entire content within the text editor. Do CRTL+A CRTL+C to copy this to clip board.

4. Click Close
5. Launch the web console of the Proxy-2 and navigate to same location. Configuration [Tab] > Policy > Policy Files > Visual Policy Files [Tab]
6. Select Text Editor from the drop down menu against the Install VPM-XML from: and click Install
7. Replace the content in the Text Editor with the one copied from Proxy-1. i.e.. CRTL+A CRTL+V to paste from clipboard
8. Click Install

9. Click OK on the File Installed message box and Click Close
10. Launch the Visual Policy Manager in Proxy-2. You will be able notice the same look and feel as that of Proxy-1.
11. Click Install in the VPM so that the VPM-CPL corresponding to this new VPM-XML will be generated

Note-: It is important that the step-11 (Install in the VPM) is completed, for the policy to take effect on the Proxy-2

For the SGAC, the policy files can be accessed as shown in the snippets below.

Where there are any failures during the policy file restore, on another similar appliance, the failed piece would have to be manually reconfigured.