Migration from SecurePlatform to Gaia

Security Gateway, Security Management, SecurePlatform


This solution describes a method for performing a migration from SecurePlatform to Gaia.
For example, when you want to replicate machine A (running SecurePlatform) onto machine B (running Gaia).
Important: The process described in this page handles operating system configuration only. Security Gateway migration is a different process, which is not discussed in this page.
  1. Export the SecurePlatform configuration into a tarball.
  2. Copy the tarball into the Gaia machine and extract the files.
  3. Run the Gaia converter on the SecurePlatform configuration files, to generate a clish script.
  4. Load the clish script into Gaia.
Step 1 - Export SecurePlatform configuration
You can do it in two ways:
  1. The recommended way is copying the configuration files directly, because it does not involve a cpstop and can be run on a production machine. You can use the copyfiles script to copy the files to a tarball.
  2. Get the files is through backup of SecurePlatform. This involves stopping the firewall (cpstop).
Step 2 - Copy the file into the Gaia machine
Copy the files from Step 1 into the Gaia machine, and put them in a directory.
Step 3 - Run the Gaia converter
Run the converter utility in the same directory where you put the SecurePlatform configuration files.
clish> expert
Enter expert password:
bash> converter -o myconfig
The resulting myconfig script contains clish commands that can be run in Gaia to replicate the same OS configuration.
Step 4 - Load the clish script
There are two ways to do it:
  1. The recommended way is to put the clish script in your home directory, and then run the following four commands:

    clish> set clienv on-failure continue
    clish> load configuration myconfig
    clish> set clienv on-failure stop
    clish> save config 
  1. Run the clish with a script like this:
    bash> clish -fi myconfig
    bash> clish -c "save config"

Note: The following files are processed by the Gaia converter.
File name
Interfaces and routing

Known hosts

User accounts
Known DNS servers

DHCP client
DHCP server
DHCP relay
Cron jobs
NTP client

Known RADIUS servers
RADIUS groups

ARP dynamic cache size