Flex 500H manual migration of user account configurations
Freshman Member
This is already my second consultation regarding migrating the configuration from USG Flex 200 to Flex 500H.
This time, I am trying to migrate part of the configuration related to user account definitions (including passwords).
I have successfully extracted the necessary information from the Flex 200 configuration file and adapted its format to meet the requirements of Flex 500H, while maintaining the required configuration file structure.
However, when I load the modified file and run the configuration test, it fails.
My question is: what could be causing this?
The structure of the configuration file for defining a single user seems obvious:
/ object user-object user "kaktusus" / object user-object user "kaktusus" "role" "user" / object user-object user "kaktusus" "password" "$$LCcs4rYU$EsaVbjOJ$T5IyhXbLPL3la2Xg3ldsACQqcUVGxC08AnLLS2h2BDSMwsXfJxd5hCs1Tm45B8aQl1/mQxSNjCt73p3B4PSObE0l8xb9pdGU6YiNPDT1ufcpAmcbZgun45IwT9ryfb7IM4DBK4SLtjDI7ClP2/mQRQxhnx4FDkvI1TPoHxQzCYw2OAeJgLF84t4iQ11nM9JlXhsmhPavX6mBYU0DwGeQ9e3XmN27vv8J55B1ELUL+NV/Qatudk1JgXJiU6xYXG18FruS9JsRawD6ORzPnRkjXxtel+BMbxsuCL2rn//IkJpplpZ0pHXiYqzLiQAwuYzPpXwG5eZwrXsmGgUh2eRMo/BLGycKt401zGKeHapBRdU$" / object user-object user "kaktusus" "description" "VPN User" / object user-object user "kaktusus" "logon-lease-time" "480" / object user-object user "kaktusus" "logon-reauth-time" "480"
My intuition tells me that the problem may occur at the password setting stage …
How can I deal with this problem without having to manually enter the configuration of dozens of users through the GUI❔
After completing the process successfully, I can share the scripts (offline) that I prepared and which are very useful. They also include the conversion of the static DHCP host list. 😎
All Replies
-
I'm guessing each unit has a default key to then encrypt the password.
On non H models its possible to have the password in the clear not sure if you can do that with H models.
In fact just tested with a FLEX 200H and 700H with the same user name and password and the encrypted password are both different.
0 -
I understand. It's a big problem.
Tomorrow I plan to perform a few tests while omitting the password.
I am interested to know if anyone has already succeeded in importing ‘external users’.I am still awaiting further suggestions or recommendations.
0 -
-
Hi.
The online tool "Firewall Configuration Converter" does not allow migration of configurations from Flex200 to Flex500H. I own such devices.Therefore, I created a functionality that helped me transfer selected sections of the configuration file. I described information about the script in the previous message.
If you are interested in more details about my migration, I am open to questions.
Moreover, I believe that a configuration file contains sensitive data, and I would prefer not to upload it to the internet.0 -
Hi @kaktusus
Yes, I'm interested on this case. Could you share more details with me via private message?
Zyxel Melen0 -
Ok, no problem.
I will prepare a description of my approach and share it with you, along with the scripts.
My scripts are Bash scripts, using standard tools such as awk.
0
Guru Member
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 123 Nebula Status and Incidents
- 6.3K Security
- 486 USG FLEX H Series
- 320 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 46 Wireless Ideas
- 6.8K Consumer Product
- 284 Service & License
- 452 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 93 Security Highlight
