Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=backup-restore-20mr1

Restore to 20.0 MR1 and earlier

You can restore a backup taken from any version to 20.0 MR1 and earlier but the firewall doesn't show the backup-restore assistant for interface mapping.

By default, ports are mapped to the equivalent ports on the target device. For example, Port1 is mapped to Port1. If the equivalent port doesn't exist on the target device, the next available port is selected. For example, if the backup device has PortF1 and the target device doesn't have PortF1, it's mapped to the next available port on the target device, such as Port9.

Sophos Central registration

Sophos Central registration is only retained when you restore a backup to the same firewall from which the backup was taken.

Restoring a backup to a different firewall or an HA cluster deregisters the firewalls from Sophos Central. You must register the firewalls to Sophos Central and reconfigure Sophos Central services such as Security Heartbeat and Sophos ZTNA again. See Backup-restore in HA.

Compatible devices for restoring backups

To see the conditions and compatible devices for restoring backups to any device, see Backup-restore compatibility check.

Breakout port

When you restore a backup with breakout ports, make sure the target device supports breakout ports and is configured with the same amount or more breakout ports. For example, if the backup is configured with two breakout ports, the target device must also have at least two breakout ports configured.

Backup configuration Target device Restore allowed?
Two breakout ports Two or four breakout ports Yes
Four breakout ports Two breakout ports No
Physical port Breakout root port Yes

To see the XGS series firewalls that support breakout ports, see Support for breakout interfaces.

Management port

If the target device doesn't have a management port, it creates a pseudo port to retain the management port configuration.

Wireless models

Wireless desktop models have additional restrictions. See Backup and restore wireless models.

Restore HA backups

You can restore a backup from an HA device to an HA device if they have the same number of ports.

The following conditions apply when you restore backups with dedicated HA links:

  • The port type must be the same. For example, a physical port to a physical port.
  • The interface hardware name must be the same.
  • If a LAG interface is used, the number of member interfaces must be same on the target device.
  • If a VLAN interface is used, the VLAN ID must be the same on the target device.

  • You can't restore to a different dedicated HA link port or port type. For example, if the backup has a dedicated HA link on Port3, you can't restore the backup to an HA device with a dedicated HA link on Port4.

    Note

    If you're restoring to 20.0 MR2 and later, you can restore to a different dedicated HA link port. See Restore HA backups.