Migrating from one Sonicwall to another

Sonicwall likes to point out that their O/S – SonicOS – runs on all of their gear from the lowly (but good!) TZ105 to the mighty SuperMassive series.  While that may be true is does not immediately follow that settings from one Sonicwall can just be “dropped” on to another.  In fact, in many cases, you will blow a mighty hole in your foot by doing so!

Sonicwall does have a matrix that lists the possible migration routes and it can be quite surprising what paths are available and what paths are not.  For example, while you can migrate from a TZ215 to an NSA220, you cannot perform the same migration to an NSA250M (I know this one for a fact because I just tried it).  And, even if the settings DO apply on the new firewall you still need to check things out thoroughly as things might not work exactly as you expect.

If you are going to upgrade your Sonicwall with a newer model then you should first check out the matrix here.  If your upgrade is supported (eg if you can apply exported settings to the new firewall) then make sure that both firewalls are at the same firmware release level (or as close as possible) prior to the export/import.  If your upgrade is NOT supported then your only real choice is to “hand code” the new firewall settings.  Having done this more than a few times I can tell you the best way is to have dual screens with the firewalls open, one per screen, and then go through each setting one-by-one until you have a “match”.  There really is no other way to do it, there is no tool currently available from Sonicwall that will do the job for you.  There was a beta conversion tool available to convert foreign configs (a la Cisco) to Sonicwall format but I’ve not seen it in awhile and I don’t believe it had the ability to migrate configs between various Sonicwall models.