Backing up NGX - Options Compared

[cames]

Hi All,

I’m just trying to get the various (and recommended) backup procedures clear in my head, so I’d be really grateful if people more knowledgeable than myself could read the below and comment/correct?

1) Database Revision Control is used to create a roll-back copy of all policy rules, objects, users, groups, smart defence, and global properties (and presumably VPNs etc). This will not backup server/FW specific info such as the OS, logs, and interface settings, however. Also, it will not create a file for separate safekeeping, so is not appropriate for disaster recovery.

2) upgrade_export will backup the same as Database Revision Control (everything but server/fw specifics) but does so from the command console or the CD upgrade program, and creates an exportable .tgz file that can be moved to another machine for safekeeping. It also backs up license information and is good for disaster recovery.

3) The “Backup” command (or the SmartCenter's web backup tool) will backup just the SmartCenter server settings such as the OS, interface settings and logs?

Notes:

Important files and folders are…

$FWDIR/Conf (containing Objects.c, Objects_5_0.c and Rulebases_5_0.fws)
$FWDIR/Lib (containing base.def)
$FWDIR/Logs (containing logs)
$FWDIR/Database (contains user database – fwauth.ndb)

…but these are all backed up by using the “upgrade_export” program.

Logs should be regularly backed up by switching the logs (with fw logswitch) and archiving the older files.

Is that all correct, and/or could anyone fill in the gaps for me?

Thanks in advance!

[ngxadmin]

It is my understanding that the backup command does back up your checkpoint policy configuration in addition to what you mentioned and you would be able to restore policy. However, upgrade_export is a more comprehensive type of backup and has fewer issues when restoring your configuration/policy.

[cames]

Ah, I see. Thanks, I appreciate it!

[fwleno]

I suggest using and enjoying both backup and upgrade_export. In case you will need to restore you can select the fastest way. If just the checkpoint failed than you can use upgrade_import file but if the whole server crashed or damaged using the backup/restore option is faster and will recreate all interfaces , routing , dynamic routes and many other system files that you may have customized...

[trinity]

Quote:

Originally Posted by cames

3) The “Backup” command (or the SmartCenter's web backup tool) will backup just the SmartCenter server settings such as the OS, interface settings and logs?

Where is the web backup tool? Or is this the same as the web visualisation tool?

[mcnallym]

Is actually the SecurePlatform Web Backup Tool not the SMARTCenter as such.

[trinity]

Quote:

Originally Posted by mcnallym

Is actually the SecurePlatform Web Backup Tool not the SMARTCenter as such.

Ah right sorry, we're using windows so i didnt realise!

[Thorpuse]

Quote:

Originally Posted by cames

Hi All,


Notes:

Important files and folders are…

$FWDIR/Conf (containing Objects.c, Objects_5_0.c and Rulebases_5_0.fws)
$FWDIR/Lib (containing base.def)
$FWDIR/Logs (containing logs)
$FWDIR/Database (contains user database – fwauth.ndb)

…but these are all backed up by using the “upgrade_export” program.

Thanks in advance!

Also add

$CPDIR/conf
$CPDIR/database

These are where (among other things) the SIC key and policy, license files and the CP Registry are stored.

I'd recommend running a upgrade_export and opening up the .tgz fle to see the files and folders it grabs.