Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Key interface mapping concepts

By default, ports are mapped to the equivalent ports on the target device. If the equivalent port doesn't exist on the target device, the next available port is selected.

You can change the interface mapping or select Don't map. Creates Pseudo port.

Tip

Check your backup's administration port and credentials so you know how to access the target device if you change the administration port mapping.

Pseudo port

Pseudo ports are created to retain configurations.

When you restore backups, the following conditions apply to pseudo ports:

  • Pseudo ports are created if the target device has fewer ports, and some configured ports are unmapped. For example, restoring a 6-port device backup to a 4-port device restores or maps to Port1 to Port1, Port2 to Port2, Port3 to Port3, Port4 to Port4, with Port5 and Port6 mapped as pseudo ports Pseudo5 and Pseudo6.
  • You can select Don't map. Creates Pseudo port when mapping interfaces using the backup-restore assistant.

    Note

    The firewall doesn't map or create pseudo ports for unbound interfaces, except those with VLAN configurations.

  • The interface status is set as Not available.

  • The hardware name is set as Pseudo<port number>.
  • Pseudo ports don't function.

Note

For backups restored from 19.5 MR3 and earlier, if a configured port in the backup isn't mapped, it shows up with its original port name instead of the name pseudo port. The interface status is set as Not available. The firewall deletes unbound pseudo ports on the next restart.

Warning

Configurations using pseudo ports don't work properly. For example, if routing configurations use pseudo ports, routing issues such as dropped packets can occur. You must update the routing configurations that use pseudo ports and replace them with active ports according to your network requirements.

Replace and delete pseudo ports

After you restore a backup, you can optionally replace the pseudo ports with the current device ports and delete the pseudo ports.

To delete pseudo ports, do as follows:

  1. Go to Network > Interfaces.
  2. Click a pseudo port and select None for Network zone to unbind the pseudo port. Do this for all pseudo ports.
  3. Restart the firewall to remove the pseudo ports.

Note

Unbound pseudo ports with VLAN configurations aren't deleted.

Breakout port

When you restore a backup with breakout ports, make sure the target device supports breakout ports and is configured with the same amount or more breakout ports. For example, if the backup is configured with two breakout ports, the target device must also have at least two breakout ports configured.

The following conditions apply when you restore a backup with breakout ports:

  • The backup-restore assistant only shows breakout root ports and not member ports.
  • You can only map the breakout root ports and not the member ports.
  • You can choose not to map breakout root ports, creating pseudo ports.
Backup configuration Target device Restore allowed?
Two breakout ports Two or Four breakout ports Yes
Four breakout ports Two breakout ports No
Physical port Breakout root port Yes

To see the XGS series firewalls that support breakout ports, see Support for breakout interfaces.

Management port

The following conditions apply when you restore backups with management ports:

  • If the backup has a management port configuration, it maps to the management port on the target device during restore.
  • If the target device doesn't have a management port, the target device creates a pseudo port to retain the management port configuration.
  • You can map the management port to a different port using the backup-restore assistant when you restore to XGS, virtual, and cloud appliances.

Wireless models

Wireless desktop models have additional restrictions. See Backup and restore wireless models.

Restore HA backups

You can restore a backup with HA configuration even if the target HA device doesn't have the same number of ports. To make sure you can restore a backup to a target model, see Compatible devices for restoring backups.

The following conditions apply when you restore backups with dedicated HA links:

  • The port type must be the same. For example, a physical port to a physical port.
  • You can't restore to a different port type.
  • The dedicated HA link port can have a different hardware name in the target device. For example, Port3 to PortA1.
  • If a LAG interface is used, the number of member interfaces must be same on the target device.
  • If a VLAN interface is used, the VLAN ID must be the same on the target device.
  • If you've selected ports under System services > High availability > Select ports to be monitored, make sure the status of the ports on the target device is the same before restoring the backup.

Note

You can't change the dedicated HA link ports from the backup-restore assistant.