Copying Visual Policy Manager from one ProxySG to another

book

Article ID: 170078

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Steps involved in copying the entire Visual Policy Manager (VPM) from one proxy to another. This is helpful when customer needs to have identical policies on couple of ProxySG's (or ASGs) and don't have a Director or Management Center to perform this. This will help in avoiding the pain of recreating the same objects and rules on the proxies.

NOTE: These steps help in only copying the policies configured on the VPM. It doesn't make any configuration changes on the Master proxy. 

Environment

Example below shows the copying of VPM from one proxy to another

Resolution

Requirements/Limitations

  • All the configuration items referred in the VPM should be having same name on both the devices. i.e. Authentication realm names, Keyrings, Forwarding Hosts etc. If these are not having the same name, one will get reference error when installing the policy. So make sure, the referred software configuration items are having the identical name on both the devices. To transfer the configuration from one Proxy to another you need to complete the following steps. They are in a logical order to follow, and each step contains a link to the KB Article with step-by-step instructions to complete that particular task: TECH241684 for more information.
  • Entire VPM will be copied over to the second proxy and will replace the existing VPM configuration. There is no option to do partial copy. Make sure you take an expanded backup of the second proxy before performing this to enable a restoration if something goes wrong. Backup can be taken by accessing https://proxy-ip:8082/archconf_expanded.txt also
  • SGOS version of the proxies should be be same or within the same sub branch to avoid any deprecation error while restoring.
  • Since the steps below involve dealing with XML file, it is recommended to use an advanced text editor like Notepad++ incase the file need to be saved before restoring on the second proxy. Also use the same editor to save the backup taken. Usage of windows default Notepad application, Microsoft Word when dealing with configuration backup is not advised.

 

Overall view on steps being performed

In ProxySG, Visual Policy Manager (VPM) provides an easy graphical interface for creating layers and rules within. VPM consists of 2 components, VPM-XML and VPM-CPL. VPM-XML is the look and feel one will experience when you open the Visual Policy Manager. This holds the information on the layers, their order, all objects created, VPM policy based category lists etc. VPM-CPL is the policy file which automatically gets generated when we click on Install button within the VPM. Steps we are going to follow is to copy only the VPM-XML file of the first proxy to the second one. As VPM-CPL is generated every time the Install button is clicked, there is no need to copy this to the second proxy.

 

Steps to replicate the VPM

Note: For ease of reference, the source Proxy is termed as Proxy-1 and the destination as Proxy-2

  1. Launch the web console of the Proxy-1 and navigate to Configuration [Tab] > Policy > Policy Files > Visual Policy Files [Tab]

  1. Select Text Editor from the drop down menu against the Install VPM-XML from: and click Install

  1. From the new window, copy the entire content within the text editor. Do CRTL+A CRTL+C to copy this to clip board.

  1. Click Close
  2. Launch the web console of the Proxy-2 and navigate to same location. Configuration [Tab] > Policy > Policy Files > Visual Policy Files [Tab]
  3. Select Text Editor from the drop down menu against the Install VPM-XML from: and click Install
  4. Replace the content in the Text Editor with the one copied from Proxy-1. i.e.. CRTL+A CRTL+V to paste from clipboard
  5. Click Install

  1. Click OK on the File Installed message box and Click Close
  2. Launch the Visual Policy Manager in Proxy-2. You will be able notice the same look and feel as that of Proxy-1.
  3. Click Install in the VPM so that the VPM-CPL corresponding to this new VPM-XML will be generated

Attachments