ProxySG & Advanced Secure Gateway

 View Only
  • 1.  Replace physical appliance with virtual appliance for Edge SWG

    Posted Apr 24, 2024 08:11 PM

    Hello All,

    We are using the physical appliance of Edge SWG and want to replace it with the virtual appliance. I've found knowledge base for backup and restore the configuration in this link Back up and restore the configuration of Edge SWG (ProxySG) or Advanced Secure Gateway appliances

    Is there any document related to moving policies from physical appliance to virtual appliance? Or any document for step-by-step to replace physical appliance with virtual appliance?

    Thank you.

  • 2.  RE: Replace physical appliance with virtual appliance for Edge SWG

    Broadcom Employee
    Posted May 10, 2024 11:57 AM

    Hi Anh,

    The steps in the article will also include moving the policy over from one box to another. If you are hoping to move just the Visual Policy Manager (VPM) policy, the Copying Visual Policy Manager from one Edge SWG (ProxySG) to another can guide you through that. In both situations, you will want to make sure that the physical appliance and the Edge SWG are on the same version of SGOS when copying the configuration over. 

    Both of the prior documents work well if you only have one or two boxes to migrate. If you have more boxes to migrate, the recommendation would be to use Management Center. If you don't have it deployed already, you should already be entitled to spin up a virtual Management Center to use if you own the Web Protection or Network Protection licensing.

    Once a new Management Center is deployed, both the old physical appliance and new virtualized Proxy can be added to the new Management Center. Once added, you can use Management Center to run a configuration Import Script on the legacy appliance, and then execute the script on the new virtual proxy to copy the configuration over.

    The same can be done with policy, where you import policy from the legacy SG, and then install the policy to the virtual proxies. Before installing the configuration on the new proxy, you would want to join the domain (if using IWA Direct), recreate any hidden SSL keyrings, and address any other caveats mentioned in the Backup and Restore KB.