Hello,
First, there might be a way to copy/paste some config/account files (which I do not 100% know), but there is also the way to do this with a backup file, which I will explain here. I hope that this still helps you; otherwise let us know further details.
Please note: I just did a quick test with one additional user/role/permission assignment and it worked, but I still recommend testing this outside business hours or simply between 2 test machines where there is no user traffic!
When you create a backup, it contains the policy, configuration and accounts parts. If you want to restore the backup file to a new single machine including the configuration and accounts parts, you will need the UUID of the "old" appliance. After the restore, the new machine then has the same policy and configuration, including the same IP config, as the old one (there might be an IP address conflict at this time), so you will need to manually change the IP via CLI, then log in to the UI, make the change there again and save it via the UI to make it permanent. Then you have a new machine with the same policy, configuration (except the IP config) and accounts as the other one.
So steps would be:
1. take backup of old machine (including policy, configuration and accounts)
2. get UUID of old machine via CLI:
# mwg-info uuid
3. transfer the backup file via FileZilla or other to the new single machine (the rest of the cluster members will sync this later via central management)
4. log in via CLI to the new machine
5. use the following command to restore this backup using the old UUID (the path to the backup and the UUID need to be adjusted).
Important: after restore, there might be an IP address conflict with old one until you change the IP address manually.
Command:
# /opt/mwg/bin/mwg-coordinator -u mwgc:mwg -R "file:in=/var/backup.old;options:forcedetachgui=yes,uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
explained in this article:
https://community.mcafee.com/t5/Documents/Web-Gateway-Restoring-a-backup-after-a-Hardware-replacemen...
6. after a successful restore, manually change the IP of the new machine and set the default route so that it can be reached
7. login to UI of new machine using new assigned IP
8. make any change to IP config like deleting and re-adding some characters and press "Save Changes" button to make it permanent (CLI changes are only available until next reboot).
9. now, add other new machines (for new cluster) to this one new machine and they will sync the policy (including lists) + accounts. If you further want to make sure that first single machine becomes "sync master" you can modify the node priority under "Configuration" > "Central Management" > "Advanced Management Settings" > "Node priority".
As mentioned above, I did a quick test. I created a new user and a test role, and assigned this role read-only permission on a category list. Then I took a backup, restored it to the new machine, etc. At the end, the new machine shows the same policy/configuration/accounts and I can also see this one permission assignment of my test role in the category list, etc.
I hope you find this information helpful and that I did not make any mistake! 😊
Please let us know if you have further questions.
Regards,
Marcel Kutrieba
Technical Support Engineer
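A pre-flight check for steps 2 to 5 above, as an added example that is not part of the original post and is not vendor tooling: it validates the UUID and backup path, gives a checksum to compare before and after the transfer, and prints the restore command for review without running it. The function names and the checksum step are assumptions; only the command line itself comes from the post.

```shell
#!/bin/sh
# Added example: pre-flight checks before the restore in step 5.
# Function names and the checksum step are assumptions, not vendor tooling.

# Succeeds only for a canonical 8-4-4-4-12 hexadecimal UUID, so the
# unedited XXXXXXXX-... placeholder is rejected.
is_uuid() {
    [ "${#1}" -eq 36 ] &&
        printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Prints the SHA-256 of a file. Run it on the old and the new machine and
# compare the values: the backup carries accounts, so a truncated or
# altered copy should be caught before it is restored.
backup_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Prints the -R argument for mwg-coordinator, or fails on unusable input.
build_restore_arg() {
    backup=$1
    uuid=$2
    [ -r "$backup" ] || { echo "backup not readable: $backup" >&2; return 1; }
    [ -s "$backup" ] || { echo "backup is empty: $backup" >&2; return 1; }
    is_uuid "$uuid" || { echo "not a UUID: $uuid" >&2; return 1; }
    # ';' and ',' separate fields inside the argument, '"' would end it.
    case $backup in
        *\;*|*,*|*\"*) echo "unsafe character in path" >&2; return 1 ;;
    esac
    printf 'file:in=%s;options:forcedetachgui=yes,uuid=%s' "$backup" "$uuid"
}

# Prints the complete, correctly quoted command; it does not execute it.
print_restore_command() {
    arg=$(build_restore_arg "$1" "$2") || return 1
    printf '/opt/mwg/bin/mwg-coordinator -u mwgc:mwg -R "%s"\n' "$arg"
}
```

Call `print_restore_command /var/backup.old <uuid-from-old-machine>` on the new machine and run the printed line only after the checksums match.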