PDA

View Full Version : How To Copy or Clone or Image one 4600 to a spare for offline backup ?



bilevans
2014-07-11, 14:37
We have two 4600 Gaia R75.40 appliances; one is in production , the other is licensed but offline.

I 'd like to use the offline device for recovery -- put it online when there is an issue with the production device.

I don't want to implement clustering or HA; anything that requires both to be online at the same time.

I found a few references to procedures that involved imaging, but not for maintaining a shelved recovery device.

I guess you couldn't create a duplicate Security Gateway/Management Object (with an extra interface) onto which an object database / policy could be pushed.

Any ideas, references, recommendations appreciated.

Thanks

jflemingeds
2014-07-11, 16:47
We have two 4600 Gaia R75.40 appliances; one is in production , the other is licensed but offline.

I 'd like to use the offline device for recovery -- put it online when there is an issue with the production device.

I don't want to implement clustering or HA; anything that requires both to be online at the same time.

I found a few references to procedures that involved imaging, but not for maintaining a shelved recovery device.

I guess you couldn't create a duplicate Security Gateway/Management Object (with an extra interface) onto which an object database / policy could be pushed.

Any ideas, references, recommendations appreciated.

Thanks

Thats a hard one. You would have to update your spare everytime you update your production if say you bring up a new interface or something.

That being said, i would change the way you provision firewalls. Setup a script to build the firewall OS level configs then simply store the script output. Then you can recreate the configs without issue. Again doesn't help you if you add something in production, but you could always just add it to the script. Of course this doesn't help you for all those edge cases that require you to update some file on the gateway like say fwkern.conf, but if you have backups you could always automating pulling that out of hte backups.

bilevans
2014-07-11, 21:37
Thanks very much for your reply; i realize it's an odd request.

So the output of the script used for OS configuration changes would be used as a record of the changes and, when the time came to use the shelved appliance, we'd refer to it in order to bring the offline device up to date OS-Wise?
Then , once the OS is up to date, load a backup, or import a snapshot, and restore the configuration (?)

No way to get around that manual process , by using some type of image copy, disk-to-disk copy, etc. ?

thanks again...