How do I import a CLI text file into a SonicWall firewall? (6.5.0.0 & Above)

Description

NOTE: If you are looking to export your configuration to a text CLI file, see Export configuration settings using Enterprise Command Line Interface (E-CLI) 

NOTE: This process requires the use of an FTP server. This can be the same device used for the SSH connection, as long as the FTP server contains your text file and is connected to the SonicWall appliance.

CAUTION: This is an advanced process that requires the user to verify items are configured in the appropriate order.  This procedure is not meant to be a guide for all scenarios. 

CAUTION: If importing settings that were exported from another device, passwords will appear encrypted in the export.  These passwords may require modification for CLI to accept them.

 

TIP: See below for a few example errors you may encounter:

  • When importing or attempting to modify an interface that is portshielded, you will first need to change the interface to unassigned. TZ units in a factory default configuration have all interfaces except X0 and X1 portshielded to X0. As such, TZ units that are factory reset will likely need to have these interfaces adjusted to unassigned before processing can be completed.
  • If you are exporting a CLI configuration from a different device, you will need to remove the first section covering uptime, serial, etc., as these are just statistics from the firewall's current status and not configuration.
    • Adding commit after each configuration section helps ensure that items are usable by the firewall later in the import (the biggest example being address-objects being usable by address-groups). The below command in Notepad++ will swap every instance of 'exit' with the following:
      exit
      commit
      (blank line)
    • Wireless configurations using VAPs will require manual re-ordering of the configuration commands, as they are currently exported in a top-down fashion. The VAPs must be created before they are used in the SonicPoint provisioning profiles.
  • If an overlap or change to a default rule occurs, you will see output similar to the following:
    [Image: error output]
    The above error is referenced in the process below; this one specifically states that an overlap exists in the DHCP server. To resolve it, exit the configuration with Ctrl + C, then adjust the text file to either remove the overlap and configure the new settings, or remove the new settings and configure them manually later. You can then run the process again from this point. If you added commit lines leading up to this point, you should be able to remove anything above the commit prior to the errored entry.
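
The commit-insertion tip above can also be scripted instead of done by hand in an editor. The following is an added example, not SonicWall's own tooling: the function names are hypothetical, the sample lines are constructed and simplified, and matching on the word "password" is an assumed heuristic for finding the entries the caution about encrypted passwords refers to.

```python
import re

EXIT_RE = re.compile(r"^\s*exit\s*$")
COMMIT_RE = re.compile(r"^\s*commit\s*$")
PASSWORD_RE = re.compile(r"\bpassword\b", re.IGNORECASE)

# Constructed, simplified sample; not real export output from a firewall.
SAMPLE = """\
address-object ipv4 "Web Server" host 192.168.168.10 zone LAN
address-group ipv4 "Servers"
    address-object ipv4 "Web Server"
    exit
user local
    user "example" password PLACEHOLDER-ENCRYPTED-VALUE
    exit
""".splitlines()


def add_commits(lines):
    """Insert 'commit' and a blank line after every 'exit' line.

    An 'exit' that is already followed by 'commit' is left alone, so the
    function can be re-run on a file that was partly edited by hand.
    """
    out = []
    for i, line in enumerate(lines):
        out.append(line)
        if not EXIT_RE.match(line):
            continue
        # Skip blank lines to see whether a commit is already present.
        following = next((l for l in lines[i + 1:] if l.strip()), "")
        if COMMIT_RE.match(following):
            continue
        indent = line[: len(line) - len(line.lstrip())]
        out.extend([indent + "commit", ""])
    return out


def password_lines(lines):
    """Return (line number, text) for lines that mention a password.

    These are the entries the caution above says may need modification
    before the CLI accepts them; the keyword match is an assumption.
    """
    return [(n, l.strip()) for n, l in enumerate(lines, 1) if PASSWORD_RE.search(l)]


if __name__ == "__main__":
    print("\n".join(add_commits(SAMPLE)))
    for number, text in password_lines(SAMPLE):
        print(f"review line {number}: {text}")
```

Removing the leading statistics section and re-ordering VAP commands are still manual steps; the script does not attempt either.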

Resolution

  1. Log in to the SonicWall via SSH.
  2. Enter configuration mode by submitting the "config" command.
  3. Issue the following command:
    conf
    import cli ftp ftp://user:password@ftpserverip/config.txt merge best-effort

    EXAMPLE: The example below uses the username admin and the password password at the FTP address 192.168.168.6, with the text file named config.txt.

     [Image: example import command]

  4. After pressing enter, the firewall will start entering commands from the text file and attempt to input all commands in a best-effort fashion.
  5. The firewall will then prompt you to commit any changes.  Type yes and press enter to confirm.
  6. If any errors occur, the text file will need to be modified.

    EXAMPLE: In the example below, a configured DHCP server overlapped with an existing configuration, causing issues with importing the configuration. This can be resolved by modifying the text file and removing the overlapping lines. Make a note of the configuration changes removed. If they are still necessary, they will need to be created after the firewall reboots.

     [Image: DHCP server overlap error]

  7. If a reboot is required, the firewall will prompt you to do so.  Otherwise, these changes are now in effect.