Import export

You can import and export the full or partial configuration of XG Firewall.

You can only import and export configurations between compatible devices. The configuration file is a .xml file. You can update the configuration offline.

To import or export a configuration, go to Backup and firmware > Import export.

Secure storage master key

The secure storage master key provides extra protection for the account details stored on XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access. The default administrator (username: admin) sets the secure storage master key.

You don't enter the master key when you export a configuration. To see how XG Firewall imports configurations and sensitive information, see the following table:

Table 1. Importing configurations

Scenario

Description

Configurations without the master key

You can export the configuration, and import it to the same firewall along with sensitive information and the dependent configurations if the firmware wasn't reset or reimaged after the export.

You won't be able to import sensitive information and dependent configurations if you're importing the configuration to the following devices:

  • A different XG Firewall.
  • The current device if you reset or reimaged its firmware after exporting the configuration.

You'll need to reenter or recreate the information later. You'll be able to import the rest of the configuration.

Configurations with the master key

You must enter the master key when you import the configuration to the following devices:

  • A different XG Firewall.
  • The current device if you reset or reimaged its firmware after exporting the configuration.

If you don't enter the master key when you're prompted, you can import the configuration, but you'll lose sensitive information and dependent configurations. For example, if you don't enter the master key when you import a configuration containing users and their dependent configurations, XG Firewall won't import the users and their dependent configurations.

You'll need to reenter or recreate the information later.

Configurations without sensitive information

When you import a configuration that doesn't contain sensitive information, you don't need to enter the master key.

Update configurations using API

To update a configuration using API, do as follows:
  1. Export the required configuration. It's exported as a .tar file, which contains the configuration as a .xml file.
  2. Extract the .xml file and make your changes to the configuration. For the configuration's API format, see API help on XG Firewall help documents.
  3. Compress the updated .xml file into a .tar file.
  4. Import the .tar file to XG Firewall.

Import

Import file: Select the .tar file to import and select Import.

The following rules apply for importing a configuration:

Configuration settings:

  • XG Firewall updates the existing configuration with new settings in the imported file.
  • Settings in the current configuration without a matching setting in the imported configuration don't change.
  • For settings specified in both configurations, XG Firewall applies the settings of the imported configuration.

    Example: Traffic shaping settings for Total available WAN bandwidth are as follows:

    Existing configuration: 1000000

    Imported configuration: 2560000. This value becomes the Total available WAN bandwidth for the firewall.

Firmware versions: You can import the configuration to a firewall with the same or later firmware version.

Pattern versions: You can import the configuration to a firewall with the same or later pattern version. If it's of an earlier version, update the patterns, and then import the configuration.

Hardware and wireless devices: You can import the configuration of a hardware device to another, or of a wireless device to another wireless device. The device to which you import the configuration must have an equal or higher number of Ethernet ports. If the number of ports is lower, or if the port names differ between the models (example: Port1 versus PortA), you can make changes to the file Entities.xml, and then import the configuration.

Export

Export full configuration: Select to export the full configuration and select Export.

Export selective configuration: Select the checkbox and select the configurations you want to export. Additionally, to export the dependent configurations, select Include dependent entity.

You must enter the secure storage master key if the configuration has one. If you don't enter the master key, you can't import sensitive information, such as passwords, and dependent configurations. You also lose sensitive information and the dependent configurations when you import configurations that don't have a master key.