Firewall Wizards mailing list archives
ISA Firewall Config Transfer
From: "Bruce Smith" <bruce_the_loon () worldonline co za>
Date: Fri, 24 Oct 2003 22:34:50 +0200
Hi all This is a request for comments and opinions, not for assistance as such. According to MS and most of the resources out there, it is supposed to be impossible to back up a Microsoft ISA server's running config and transfer it to another ISA. Naturally this is a pain in the butt when it comes to upgrading to new servers. Our team has found what might be a way around this. When ISA is installed and configured, most of the settings are kept in the registry in key HKLM/Software/Microsoft/FPC and this key tree can be exported from the registry on the running ISA without a problem. Importing it onto another ISA causes trouble because there are two keys, CurrentArrayGUID and CurrentServerGUID that are unique to the instance of ISA. By finding these two values on the new ISA instance and doing a find/replace on the exported reg file, as well as a find/replace on the name of the server, we should end up with a reg key import file that will work on the new instance. While we haven't managed to test a full reg key import, we have successfully imported our policy elements and access rules from an existing ISA into a new instance with only one problem, the destination sets. With a litte more work, we should be able to solve this as well. Our plan is to eventually build a tool that will take all the required keys across as necessary and be able to replicate an ISA instance to a new machine without requiring a system state restore. Please feel free to make any comments/statements/suggestions on the information presented. Bruce Smith Internet Services Administrator _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ISA Firewall Config Transfer Bruce Smith (Oct 24)
- <Possible follow-ups>
- RE: ISA Firewall Config Transfer Thomas W Shinder (Oct 27)