Key interface mapping concepts
By default, ports are mapped to the equivalent ports on the target device. If the equivalent port doesn't exist on the target device, the next available port is selected.
You can change the interface mapping or select Don't map. Creates Pseudo port.
Tip
Check your backup's administration port and credentials so you know how to access the target device if you change the administration port mapping.
Pseudo port
Pseudo ports are created to retain configurations.
When you restore backups, the following conditions apply to pseudo ports:
- Pseudo ports are created if the target device has fewer ports, and some configured ports are unmapped. For example, restoring a 6-port device backup to a 4-port device restores or maps to Port1 to Port1, Port2 to Port2, Port3 to Port3, Port4 to Port4, with Port5 and Port6 mapped as pseudo ports Pseudo5 and Pseudo6.
-
You can select Don't map. Creates Pseudo port when mapping interfaces using the backup-restore assistant.
Note
The firewall doesn't map or create pseudo ports for unbound interfaces, except those with VLAN configurations.
-
The interface status is set as Not available.
- The hardware name is set as
Pseudo<port number>
. - Pseudo ports don't function.
Note
For backups restored from 19.5 MR3 and earlier, if a configured port in the backup isn't mapped, it shows up with its original port name instead of the name pseudo port. The interface status is set as Not available. The firewall deletes unbound pseudo ports on the next restart.
Warning
Configurations using pseudo ports don't work properly. For example, if routing configurations use pseudo ports, routing issues such as dropped packets can occur. You must update the routing configurations that use pseudo ports and replace them with active ports according to your network requirements.
Replace and delete pseudo ports
After you restore a backup, you can optionally replace the pseudo ports with the current device ports and delete the pseudo ports.
To delete pseudo ports, do as follows:
- Go to Network > Interfaces.
- Click a pseudo port and select None for Network zone to unbind the pseudo port. Do this for all pseudo ports.
- Restart the firewall to remove the pseudo ports.
Note
Unbound pseudo ports with VLAN configurations aren't deleted.
Breakout port
When you restore a backup with breakout ports, make sure the target device supports breakout ports and is configured with the same amount or more breakout ports. For example, if the backup is configured with two breakout ports, the target device must also have at least two breakout ports configured.
The following conditions apply when you restore a backup with breakout ports:
- The backup-restore assistant only shows breakout root ports and not member ports.
- You can only map the breakout root ports and not the member ports.
- You can choose not to map breakout root ports, creating pseudo ports.
Backup configuration | Target device | Restore allowed? |
---|---|---|
Two breakout ports | Two or Four breakout ports | Yes |
Four breakout ports | Two breakout ports | No |
Physical port | Breakout root port | Yes |
To see the XGS series firewalls that support breakout ports, see Support for breakout interfaces.
Management port
The following conditions apply when you restore backups with management ports:
- If the backup has a management port configuration, it maps to the management port on the target device during restore.
- If the target device doesn't have a management port, the target device creates a pseudo port to retain the management port configuration.
- You can map the management port to a different port using the backup-restore assistant when you restore to XGS, virtual, and cloud appliances.
Wireless models
Wireless desktop models have additional restrictions. See Backup and restore wireless models.
Restore HA backups
You can restore a backup with HA configuration even if the target HA device doesn't have the same number of ports. To make sure you can restore a backup to a target model, see Compatible devices for restoring backups.
Dedicated HA link
The following conditions apply when you restore backups with dedicated HA links:
- The port type must be the same. For example, a physical port to a physical port.
- You can't restore to a different port type.
- The dedicated HA link port can have a different hardware name in the target device. For example, Port3 to PortA1.
- If a LAG interface is used, the number of member interfaces must be same on the target device.
- If a VLAN interface is used, the VLAN ID must be the same on the target device.
- If you've selected ports under System services > High availability > Select ports to be monitored, make sure the status of the ports on the target device is the same before restoring the backup.
Note
You can't change the dedicated HA link ports from the backup-restore assistant.