Bug #12516
closed
Backup/Restore NAT should auto-create associated firewall rules
Added by Marc Mapplebeck about 3 years ago.
Updated about 3 years ago.
Category:
Backup / Restore
Affected Plus Version:
21.05.1
Affected Architecture:
All
Description
I am in the process of migrating settings from an older HA pair of XG-7100 units to a new HA pair of XG-1537. I just found that, while migrating NAT port forwards through the backup/restore process, associated firewall rules are not regenerated. I was really hoping to have that automated without also having to import firewall rules, as I only have a small number of firewall rules (aside from NAT associated ones). The linking of associated firewall rules is noted in the NAT section of the exported NAT: <associated-rule-id>nat_6058e02d0751c9.39824064</associated-rule-id>. This might be a change needed for both the backup process (i.e. when exporting NAT, also export associated rules) and changes to the restore process (i.e. when importing NAT, either also load firewall rules, or just regenerate a rule).
- Status changed from New to Rejected
- Target version deleted (Plus-Next)
That wouldn't be possible. The associated rules are linked but separate, you have to restore both NAT and firewall rule sections to get them both back fully. Creating them again would not only likely put them in the wrong order in the ruleset, but also may not re-create them as expected. The rules could have been altered after they were created.
If it backed up both it would violate the current method of single area backups as it would have to include tags for both NAT and firewall rules and then somehow figure out how to partially merge rules afterward, which is also problematic.
I don't see a viable way to make that happen since even if it didn't fundamentally break the per-section methodology there are too many ways it could break or not have the intended result.
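Added example, not part of the ticket and not pfSense code: a check that can be run on a backup file before or after a restore to list NAT port forwards whose linked firewall rule is absent, and firewall rules whose linked NAT entry is absent. It assumes that rules sit in `<nat>` and `<filter>` sections as `<rule>` elements with a `<descr>`, that filter rules carry the same `<associated-rule-id>` value as their NAT rule, and that a single-area backup uses the section element as its root; only the `<associated-rule-id>` element itself is quoted on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, not taken from a real backup.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule><descr>web</descr><associated-rule-id>nat_aaaa0001</associated-rule-id></rule>
    <rule><descr>ssh</descr><associated-rule-id>nat_aaaa0002</associated-rule-id></rule>
    <rule><descr>dns</descr><associated-rule-id>pass</associated-rule-id></rule>
    <rule><descr>unlinked</descr></rule>
  </nat>
  <filter>
    <rule><descr>NAT web</descr><associated-rule-id>nat_aaaa0001</associated-rule-id></rule>
    <rule><descr>NAT old</descr><associated-rule-id>nat_aaaa0009</associated-rule-id></rule>
    <rule><descr>allow lan</descr></rule>
  </filter>
</pfsense>"""


def linked_ids(root, section):
    """Map associated-rule-id -> description for the rules of one section."""
    # Assumption: a single-area backup has the section element as its root.
    parent = root if root.tag == section else root.find(section)
    ids = {}
    for rule in (parent.findall("rule") if parent is not None else []):
        rid = (rule.findtext("associated-rule-id") or "").strip()
        # Only ids of the form shown in the ticket (nat_...) count as links;
        # empty or other values are treated as "no separate linked rule".
        if rid.startswith("nat_"):
            ids[rid] = rule.findtext("descr") or rid
    return ids


def audit_associations(xml_text):
    """Report links that exist on one side only (NAT or filter)."""
    root = ET.fromstring(xml_text)
    nat = linked_ids(root, "nat")
    flt = linked_ids(root, "filter")
    return {
        "nat_without_filter_rule": sorted(nat[i] for i in nat.keys() - flt.keys()),
        "filter_without_nat_rule": sorted(flt[i] for i in flt.keys() - nat.keys()),
    }


if __name__ == "__main__":
    for kind, names in audit_associations(SAMPLE_CONFIG).items():
        print(kind, names)
```

Run against a NAT-only backup, every linked port forward is reported under `nat_without_filter_rule`, which is the situation described in this ticket.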