Backup and restore
You can take encrypted backups and restore the configurations.
Backups contain the entire configuration on XG Firewall and are encrypted. You can save backups on XG Firewall, use FTP to save them on a server, or email the backup. You can set up an automatic backup schedule, or take a backup manually.
You must enter a password to encrypt the backup. To restore the backup, you must reenter the password and the secure storage master key.
Secure storage master key
The secure storage master key provides extra protection for the account details stored on XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access. The default administrator (username: admin) sets the secure storage master key.
The master key requirements for backup and restore are as follows:
- You must enter the secure storage master key when you restore a backup that has a master key. If you don't enter the master key, you can't restore these backups. You can restore backups taken before the master key was set without entering the master key.
- You must enter the master key and the backup encryption password.
- Scheduled backup: Until you set the master key, XG Firewall continues to take scheduled backups, but the backups won’t have the master key’s extra protection.
- Manual backup: You must create the master key before taking a manual backup.
Best practices
When to take a backup:
- Schedule automatic backups.
- Take a manual backup before and after you make a considerable change to the configuration.
- Take a backup before upgrading the firmware.
How to keep the backup secure:
- If you save backups at a different location, make sure the location is secure.
- Make sure you set the secure storage master key to protect and restore sensitive information.
Compatible devices for restoring configuration
The following rules apply for restoring the backup configuration to a different XG Firewall device:
- Hardware models:
- You can restore the configuration to a model with an equal or higher number of Ethernet ports.
- You can't restore the configuration from hardware models with FleXi Port modules to virtual SFOS appliances or hardware models without FleXi Port modules. These modules allow you to add additional ports to the XG Firewall appliance. For more details, see Backup-restore compatibility check.
- Wireless devices: You can restore from a wireless device to another wireless device with an equal or higher number of Ethernet ports.
- Revisions: You can restore to a hardware model with a different revision if it has an equal or higher number of Ethernet ports.
- Firmware versions: You can restore to a device with the same or later firmware version.
- Pattern versions: You can restore to a device with the same or later pattern version. If it's of an earlier version, update the patterns, and then restore the configuration.
Backup
Setting |
Description |
---|---|
Backup mode |
To save the backup, or save and transfer the backup, select an option from the following list:
For FTP and email, XG Firewall first stores the backup locally and then transfers it. |
Backup prefix |
Enter a prefix to identify the backup configuration. Use the prefix to identify the configuration when you have more than one device. By default, XG Firewall stores backups without a prefix. The backup name is as follows: With prefix: <Prefix>_Backup_<Device Key>_<timestamp> Example: Dallas_Backup_ABCDEY190_26Nov2014_12.09.24 Without prefix: Backup_<Device Key>_<timestamp> Example: Backup_ABCDEY190_26Nov2014_12.09.24 |
Frequency |
Select the frequency with which you want to take backups. If you store the backup on XG Firewall, only the latest backup is retained. If you want to save the previous backup, download it. |
Encryption password |
Enter the password with which you want to encrypt the backups. You need to enter this password when restoring the backup. To encrypt backups scheduled with earlier firmware versions without a password, you now need to provide a password. |
Change encryption password |
Use this to change the password. |
Backup now |
Click to take a backup manually. |
Apply |
Click to apply the settings. |
Download |
Click Download
![]()
For backups scheduled with earlier firmware versions, you need to enter a password to encrypt the backup before downloading it. |
Backup restore
Setting |
Description |
---|---|
Restore configuration |
Upload the backup file to restore a configuration. |
Password |
Enter the password with which the backup was encrypted. To restore unencrypted backups taken with earlier firmware versions, you don’t need a password. |
Upload and restore |
Click to upload and restore the backup configuration. If you restore an older configuration, you'll lose the later changes. |