Juniper SRX - Sanitize Configuration Before Migrate

Printer Friendly Page

Generate the XML configuration by running this command from the CLI

 

show configuration | display xml | no-more

 

Before you import a Juniper SRX into Expedition, there are some manual checks we can do to verify the migration will work.

 

  1. The configuration must start only with <configuration> tag, you have to replace everything before or inside that tag by only <configuration>
  2. The configuration must end with </configuration> any other text after it must be removed

        Here's an example on how a SRX config should look when you edit:

 

<configuration>
....
....
</configuration>

 

  • For integrity validation is a good practice try to open the XML file from FIREFOX browser becasue if something is breaking the XML integretity FIREFOX will notice to you which line has an invalid character. You must replace the invalid character before upload it to Expedition

This is an example of wrong configuration. It seems someone created the file but stored with wrong jumps on it, so Firefox will complain about the format.

 

    srxfail.png

If we edit the file, we can see this at line 911 of the config file:

 

<pre-shared-key>
<ascii-text>$9$4xxxxxxxxxxxx</asc
ii-text>
</pre-shared-key> 

 

To fix this example, we have to remove the break line after </asc to:

 

<pre-shared-key>
<ascii-text>$9$4xxxxxxxxxxxx</ascii-text>
</pre-shared-key> 

Fix all the problems before importing into Expedition.

 

Hope this helps.

Comments

Hi I tried doing  the same and able to open the file in the firefox without any error ,but when i load in expedition im getting xml remove attributes in the configuration tag  and not loading .

 

XML file opens perfectly in all the browsers without any error ...Please advice