Backup
You can back up and restore Sophos Firewall configurations from Sophos Central.
We recommend that you set up scheduled backups and also do a backup before and after significant changes or before a firmware upgrade.
Note
Central attempts to take a backup five times. If Central fails to take a backup after these attempts, an email notification is sent to the Central administrator, informing them that the backup has failed. Central also generates an alert, "Firewall backup generation has failed".
Warning
When you remove a Sophos Firewall from Sophos Central management, we remove all backup files related to that firewall. If you re-add the firewall, we generate new backup files.
Schedule firewall backups
Schedule backups as follows. Make sure you set up a schedule that won't overload your system.
-
Go to My Products > Firewall Management > Backup.
-
In Schedule Backup, select the Backup Frequency. The default is weekly.
-
Set the day of the week (or the date if you selected monthly backups) when the backup will happen.
Note
Backups happen at 0800 local time (the time zone of the region the account is in). You can’t change this.
-
In the Devices list, click Add New Item and add the firewall you want to back up.
- Click Save.
Sophos Central keeps your five most recent backups but discards any earlier backups.
If you want to keep a backup permanently (or until you delete it), see Store a backup permanently.
Automatically add a firewall to your backup schedule
To automatically add your firewall to your backup schedule, do as follows:
-
On Sophos Firewall, turn on Sophos Central Services, select Manage from Sophos Central, and select Send configuration backup to Sophos Central.
-
In Sophos Central, click Accept services.
Your firewall is added to your existing backup schedule.
When you have an existing firewall that's registered with Sophos Central, to automatically add it to your backup schedule, do as follows:
-
On Sophos Firewall, turn on Sophos Central Services, select Manage from Sophos Central, and select Send configuration backup to Sophos Central.
Note
If Send configuration backup to Sophos Central is already selected, you must clear the checkbox, click Apply, select the checkbox again, then click Apply.
-
In Sophos Central, click Accept services.
Your firewall is added to your existing backup schedule.
Backup frequency
The default backup frequency in Sophos Central is Never.
When a firewall is automatically added to your backup schedule, the following conditions apply:
-
If the existing backup frequency is already set to Daily, Weekly, or Monthly, it won't change.
-
If the existing backup frequency is set to Never, and there are already firewalls in your backup schedule, the backup frequency won't change.
-
If the existing backup frequency is set to Never, and there are no pre-existing firewalls in your backup schedule, the backup frequency automatically changes to Monthly, and the date is set to the first of the month. The automatic backup frequency change only happens once (when the first firewall is automatically added).
You can manually change the backup frequency at any time.
High Availability backups
When you automatically add the primary firewall from a high availability cluster to your backup schedule, the primary and auxiliary firewalls are added to Schedule Backup. However, only backups from the primary device are generated.
Remove a firewall from your backup schedule
You can manually remove a firewall from Schedule Backup in Sophos Central, or you can go to the firewall, and deselect Send configuration backup to Sophos Central.
If you manually remove the firewall, this won't automatically deselect Send configuration backup to Sophos Central on the firewall.
If you deselect Manage from Sophos Central from your firewall, but don't deselect Send configuration backup to Sophos Central, the firewall isn't removed from Schedule Backup. However, backups aren't sent to Sophos Central. In this case, you must manually remove the firewall from Sophos Central.
Back up a firewall now
To back up a firewall now:
- Go to My Products > Firewall Management > Backup.
-
In Manage Backup, select the device you want to back up.
If you don’t have any firewalls shown here, go to Schedule Backup and click Add New Item.
-
Click Generate Backup.
Store a backup permanently
To store a backup permanently:
- Go to My Products > Firewall Management > Backup.
-
In Manage Backup, select the device for which you want to store a backup.
You can see a list of previous backups.
-
In the list, select a backup. Click the pin icon to make the backup the “stored backup”.
You can only have one stored backup. If there is already a stored backup, it will be replaced.
The backup will be kept until you replace it or delete it.
Restore from a backup
You can download a backup and use it to restore an earlier configuration.
- Go to My Products > Firewall Management > Backup.
-
In Manage Backup, select the device where you want to restore the firewall configuration.
You can see a list of previous backups.
-
In the list, select a backup. Click the download icon.
- You’re prompted to set a password that will be used to re-encrypt the backup. Click Download.
- Go to the firewall and use the download to restore the configuration. For details, see Sophos Firewall help.