Manually updating Policy on standalone Firewall

[JoeShmoe]

We have a scenario where we are upgrading our mgt server to NGX R61 but still have 10 firewalls on our estate that are FP2 and thus incompatible.

These are due to be decomm'd in 3 months but in the meantime we need some way of keeping them in service and allowing this mgt server upgrade (which we need for other project functionality)

Therefore what we want to do is disconnect these firewalls and leave them standalone. However if a policy change is made on the parent group of firewalls these 10 would come under, can we somewhow export the ploicy off the mgt server, and import the file into these Firewalls manually? Do the Firewalls have some sort of command line interface that would allow import of policy files? Weve only ever done this as a push down from a mgt server?

Many Tks

[northlandboy]

Bit of a tricky scenario. I think it might be possible to manually edit .pf files and the like, but there's no way I'd want to do it in production.

If I was in your position, I'd probably build a new R61 server, and manage my upgraded firewalls with that, leaving the FP2 one alone.

Or, if you want to keep using the FP2 hardware, then I'd export the config from that management station to another R55 system, and manage the old firewalls with that.

If you're only looking at a handful of possible changes, for low traffic firewalls, then just chuck SPLAT R55 on any old PC, and manage the FP2 systems with that, while you upgrade your main management server