Backing up from xg125 and restoring to xg115

Hi @wajdiaa 

You may refer below "Backup-restore compatibility check"

https://community.sophos.com/kb/en-us/124585

You may refer Note section and you will get hint for your issue.

You can do a backup-restore from an appliance with an equal or lower number of interfaces to an appliance with an equal or higher number of interfaces but not the other way around.

Thanks guys. Thought it might be possible by descarding the subsequent interfaces. 

Hello

Backup and restore in the Sophos XG world is really hit and miss.

There is no reason why you cant take a backup from a unit, and restore it to another unit, as long as the firmware versions are equal or later.

And why V17.5.MR12 wants a download of current IPS signatures before it will do a restore.

There is some shocking coding in there

It is quite easy: 

The IPS Pattern and other pattern version needs to be higher or the same. That is in the product for years. Most likely nobody notice.

Sometimes, there is an issue with the Pattern, therefore the pattern version will not update. 

The backup has a flag with the pattern version, used in this backup at this time.

The reason to have pattern version in the product is: IPS Rules. 

Let me paint a picture. You explicitly want to block eternal blue pattern in your IPS Rules.

But the version, you want to import your backup, which has those rules, do not know eternal blue. What should XG do? Skip those rules? 

Hi,

Thanks for the reply

I understand how IPS and other rules are dependent on the patterns, but why a blatant fail?

Surely a prompt allowing the restore noting that IPS may be inconsistent.

And when you have a default setup without any custom IPS rules, it is also a pain.

My situation, used a Cyberoam running 17.5.MR10 as a stopgap while a customer was relocating office. So programmed this for the new site, created Hosts and Firewall rules only. Once their other office was closed, took their XG125, upgraded from V16 firmware to V17.5.10 and couldn't restore the CR25 config. Tried upgrading to MR12, still couldn't restore the config, even after updating IPS signatures.

While the current Backup / Restore works for a single site, and allows for restore of a config for a like to like replacement, it does nothing for MSP's who may build a config on a smaller device and migrate to a new one upon arrival, nothing for restoring on a service device for debugging issues offsite or alike.

It also has no facilities for being able to rebuild in the event of an emergency replacement allowing for export / import or cut / paste of hosts, services, groups or alike.

As i said, this can happen in rare cases. 

I am working quite often with the Import / export option to simply pasting the config via XML, which works fine. 

Editing this XML Export with scripts makes it easy to streamline the configuration. And there is no IPS limitation. 

As i said, this can happen in rare cases. 

I am working quite often with the Import / export option to simply pasting the config via XML, which works fine. 

Editing this XML Export with scripts makes it easy to streamline the configuration. And there is no IPS limitation. 

Hi

I am sorry but the restore of config backup is a real mess...

When a new product is started it's impossible to restore a backup without completing all the shity wizard, force the pattern update manually and finally restore the backup.

The recent feature added in the wizard to restore the backup at the second step is totally useless as patterns are not up to dates !

As you would need a Internet connection to register the Appliance, you could easily update the Pattern, which will be done by the Wizard as well in the first place.

But if you do a offline restore, it is not quite easy. 

hi

i would be curious to know how you can update the patterns during the wizard ?

(of course with an internet connection availiable !)

thanks