Configuration backup modes

[bigstyx]

What is the difference in terms of contents between
a) saving a policy package via File ==> Save as
b) creating a database via File ==> Database Revision control

are the Objects and Rules databases saved in both case ?
the 2nd option seems more complete, but Smartcenter documentation is not so clear

thanks in advance

[lammbo]

Quote:

Originally Posted by bigstyx

a) saving a policy package via File ==> Save as
b) creating a database via File ==> Database Revision control

a) Creates a copy of your active policy with a new name
b) Creates a copy of your active policy as it currently stands within the policy. Think of it as a document revision control: (example)
1) You save a revision and name it 'pre-marketing deployment'
2) Make all of your policy changes and push policy
3) Let's say it breaks something horribly for argument sake
4) Make a new revision - let's call it 'post-marketing deployment'
5) Since you are in a bind, you can recall the 'pre-' revision and push to get you running again
6) Then you can load the post revision again and correct your mistakes
push and test again, yada yada...

[bigstyx]

Sorry, but even after reading it several times, I don't understand what you mean (probably due to my poor english knowledge)
my original question was to know the difference in terms of contents saved, between both modes and, of course, the difference of usage which results from that (which you try to explain to me)
I still don't see the exact differences between :
a) reopening a previously saved policy (saved via "save as" function) and then working with it and possibly pushing it into the firewall
b) and restoring a previously creaed database revision and then working with it and possibly pushing it into the firewall

[Thorpuse]

Let me try...

Save As *ONLY* saves a copy of the rulebase. It does NOT save a copy of the objects, user database or SmartDefense settings at the time of the Save. This means that if oblects or object properties change, and you use your saved rulebase, you wiull be using the rulebase with the current objects database, NOT the database at the time of the save.

Lets look at the implications of this - lets say you have a rule that looks like this

Src - ObjectA
Dst - ObjectB
Service - ServiceA
Action - Accept

and this is saved in a rulebase. Now, let's say you delete ObjectA. When an object is deleted, it deletes the object from the database. If this object is the sole object in a source, destination or service column, it replaces it with "Any". So deleting objectA would turn your rulebase into this...

Src - Any
Dst - ObjectB
Service - ServiceA
Action - Accept

Not good...

In short, do NOT use Save As as a revision control method. Use Database Revision control. Use Save As if you need to create a copy of a rulebase to use as a template for another device. I've had to deal with too many bad CP implementations where there are hundreds of Policy Packages, and this makes auditing, cleaning up and administration a real PITA.