I want to move my config from the SA-2000 to the SA-4500
SA-2000 6.0R3.1 (build 12507)
SA-4500 6.1R1 (build 12821)
I have tried exporting the config (cfg and xml) from the SA-2000 and importing the config to the SA-4500 but it didn't work..
so do I need to upgrade the sa-2000 to the same release 6.1R1? the sa-2000 is used 24*7 and I want the down time to be as short as possible and be sure all functionality is working if we upgrade (we are using most of the functions in the sa).
Not sure how supported this, but it works fine..Yes you'll need to match the firmwares of the export box to the import box. I only ever use the system.cfg and user.cfg and don't bother with the XML file, too easiy corrupted IMHO!
I did the same thing, exported a 6.0r3.1 config from a SA3000, import to a SA2000, upgade the SA2000 to 6.1, export the config then import into a SA4500 without problem. Just remember:
You'll probably need to reset the node secret if using RSA (but not always, seems pretty random)
If you intend to keep the "old" box on the network as well as the new box and you're using NTLM authenticaiton you'll probably want to change the machine name it creates in the domain from the auth server properties otherwise they'll trample over each other.
it won't help to bring both SAs to the same version because the config is not compatible. Network configuration and certificates can be copied but the rest - the more important and complex part - not.
I run into this problem and contacted Juniper Support. They confirmed that it is not possible to copy configurations from SAx000 to SAy500.
I guess that's also the reason why you can't have a 2000/2500 or 4000/4500 mixed cluster.
Sorry to disagree Steffen, definatly works as I've done precisely this in three production environments, including our own..Our polices are as complex as you like..
If you want to do this from a 2000 cluster to a 4500 cluster you'll need to break the cluster on the 2000 first _before_ you do the upgrade then export, but once you've done the import you can easily re-create the cluster. Again, I've done precisely this in another customers enviroment..