Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 14 replies
  • Subscribers 27 subscribers
  • Views 5080 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Backup cannot be restored on current device : Upgraded Hardware, both running 18.0.2 MR-2

Joe DeVito

I wanted to upgrade my hardware from a big PC to a small networking unit. Read all reviews and made sure i am running the same EXACT firmware on both. I have months worth of backups and when i attempt to restore ANY of them to the NEW registered device, it states :Backup cannot be restored on this Device

I've verified all patterns are the same versions as well, what am i missing here?



This thread was automatically locked due to age.

Top Replies

  • in reply to Joe DeVito +2 verified

    I went on a 5 hour troubleshooting session till 2AM my time and i was able to figure out a work around.

    - I reset my device back to factory defaults with 5 NICs (Onboard not disabled). Applied backup config and during the reload into the firmware, i disabled the NIC hoping it would reassign, i did not

    - I shutdown fully three times and still the "LAN" zone was assign to Port5. Port5 however is not shown in "show network interfaces" and Port1 shows "UNBOUND"

    - I attempted to rename the "Port5" interface to "Inside" in case it was holding the name and getting confused. Unfortunately after multiple shutdowns, this did not help

    At this point, i started to focus more on the security zone "LAN" and not the interface because Sophos binds all of it's components on the security zone and not interface. 

    Here is how i resolved my issue (Which was the interface count as suggested by Ian)

    I changed the "LAN" security zone's IP from .254 to .250. Reconnected over .250, Configured Port1 on the same "LAN" zone with .254. I was surprised the Firewall allowed me to configure the same zone and subnet on another interface but this allowed the security zone to stay active in 2 places. I then deleted Port5 and everything was still up and running, At this point i was left with Port1-4 configured, active and working. On the next reload, i disabled the on board NIC and after boot up, Port5 was gone leaving me with 4 Network interfaces!!!! (Port1-Port4)

    Created a new backup, applied this backup to the NEW device and i am happy to say i am up and running with minimal configuration to complete this task.

    It was a battle but the work around was not only informative, but i was able to complete the migration which in the end, was the point.

    Thank you Ian.  I work for an IT MSP so i appreciate not only your helpfulness, but were extremely responsive which is the hardest part of support. So again thank you!

    Jump to answer
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Could you please share some detail about the old and upgraded hardware? 

    Please check out the following KBA for more info: Sophos XG Firewall: Backup-restore compatibility check.

    Thanks, 

  • 0

    Hi Joe,

    you need to be running the same number of NICs.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hey Ian,

    If in fact that is true, I am guessing there is no way to edit the current config files to show less NICs?

    OLD: 5 NIC (only using 4)

    NEW: 4 NICs

    Anyway to remove the old unused port from the config?

    thanks again for your help, it's greatly appreciated 

  • 0 in reply to Joe DeVito

    Hi Joe,

    no, the XG is not like the UTM. You could try disabling one NIC in BIOS and see if that works?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Ian

    Good thing we are on the same page, i disabled a NIC, unfortunately because i am using a four port DELL card, i can only disable the onboard NIC, which is assigned to "Port5". This will work IF, big IF here, i can reassign Port5 settings to Port1? Or renumber the port settings? Being a Network engineer ive completed this task pretty easily, even on Linux distros.

    I've looked through all CLI / Console configuration guides and i'm unable to find anything about "port reassignment" or "transferring port settings/configuration". I dropped into the Linux kernel to find i am unable to edit the network config file. This makes sense since this is a Sophos propitiatory version of Linux.

    I guess the question is, how can i move my "LAN - Port5" to unassigned/unbound Port1?

    I was even thinking, possibly i could add the current port to a LAG (Add Ports 1&5 to NEW LAG) then remove port 5 and the LAG while keeping their settings? Its a stretch but i'm at the end of mu rope here =)

    Again, i really appreciate your help and guidance on this request

  • 0 in reply to Joe DeVito

    Hi Joe,

    the XG will re-assign port 5 to a spare port assuming you are not using all ports? Your ports will all be renumbered i think based on MAC address order and PCI numbering.

    so be prepared for a bit of confusion while you identify each port and reconnect them to the correct devices.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    oh you are saying after i disable the the onboard NIC, it should have automatically reassigned from Port5 to the next available port? (Port1 is unassigned or bounded"

    Because that didn't work =(

  • 0 in reply to Joe DeVito

    Hi Joe,

    it should shuffle the order. Might take two restarts/power off for the change to be effective.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I made the change i nthe BIOS. Booted and shutdown 3 times in a row after the firewall entirely was up. The CLI login shows only 4 interfaces (used to say 5) so i know the disabling worked. But when looking at Network configuration, it still shows Port5 as the LAN and technically there is not a port 5 when i look at "show network interfaces".

  • 0 in reply to Joe DeVito

    Hi Joe,

    which ones does it show as active?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.