Backup and restore

Backup is the essential part of data protection. No matter how well your system is treated, no matter how much it is taken care of, you cannot guarantee that your data is safe if it exists only at one place.

Backups are necessary in order to recover data from loss due to disk failure, accidental deletion or file corruption. There are many ways of taking backup and just as many types of media to use as well.

Backup consists of all the policies and all other user related information. It is a good practice to make a regular backup of the device configuration, particularly before and after you make significant changes and before a firmware upgrade. Device backups contain sensitive information and are important. Make sure you handle these appropriately.

The device facilitates backups only of system data, either through scheduled automatic backup or using a manual backup.

Once the backup is made, the file for restoring the backup must be uploaded for restoring the configuration.

You must enter a password to encrypt the backup. To restore the backup, you must reenter the password and the secure storage master key.

Secure storage master key

The secure storage master key provides extra protection for the account details stored on XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access. The default administrator (username: admin) sets the secure storage master key.

The master key requirements for backup and restore are as follows:

  • You must enter the secure storage master key when you restore a backup that has a master key. If you don't enter the master key, you can't restore these backups. You can restore backups taken before the master key was set without entering the master key.
  • You must enter the master key and the backup encryption password.
  • Scheduled backup: Until you set the master key, XG Firewall continues to take scheduled backups, but the backups won’t have the master key’s extra protection.
  • Manual backup: You must create the master key before taking a manual backup.
Warning After you create the master key, all new backups use it to secure sensitive data. If you don't enter the master key, you can't restore these backups. However, you can restore backups taken before the master key was set.


Backup mode
Select how and to whom backup files should be sent.
  • Local: Backup is created and stored on XG Firewall.
  • FTP: Specify the FTP server IP address (IPv4/IPv6), sign-in credentials, and FTP path.
  • Email: Specify the recipient email address. You can specify more than one recipient address.
Backup prefix
Specify a prefix for the backup file name. The backup file name format is as follows:
  • With prefix: <Prefix>_Backup_<Device Key>_<timestamp>

    For example:



  • Without prefix (default): Backup_<Device Key>_<timestamp>

    For example:


If prefix is not provided, the default format is used for backup file.

Backup prefix will be useful in case you need to make backup from multiple devices.

Select the system data backup frequency.

In general, it is best to schedule backup on regular basis. The schedule can be determined depending on how much information is added or modified.

Available options:

Never - Backup will not be made at all Daily - Backup will be made every day Weekly - Backup will be made every week Monthly - Backup will be made every month

Schedule: Specify the day/date and time for daily, weekly, and monthly backup.

Encryption password
Provide the password to encrypt the backup with. XG Firewall will encrypt manual and scheduled backups with the password.
Note To encrypt backups scheduled with earlier versions of SFOS (with a blank password field), you need to provide a password.
Back up now
Click to take a backup of the current system data.
For local backups, click to download the latest available backup.

To use the current password, click Download encrypted backup. To change the password, click Encrypt backup with a different password before you download and enter the new password.

Click Download backup.
Note For backups that were scheduled with earlier versions of SFOS, you need to encrypt the backup with a password at the time of download.

Backup restore

When you restore a backup, the following changes take place:

  • The restored backup replaces the current configuration. This also deletes the stored backup and restarts XG Firewall.
  • The IP address assigned to the web admin console on the restored configuration becomes active. You must use this IP address to access the web admin console.
Restore configuration
To select the complete path of the backup file to be restored, click the file selection button.
Enter the password with which you’ve encrypted the backup.
Note To restore unencrypted backups taken with earlier versions of SFOS, you don’t need a password.
Upload and restore
Click to upload and restore the configuration.
Note Restoring data older than the current data results in the loss of current data.