Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 29 subscribers
  • Views 924 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Backup Script

Ryan Partington

Call to all legends, who's going to write a script based off https://community.sophos.com/sophos-xg-firewall/f/discussions/132254/backup-via-cli/487119?focus=true which:

Takes a list of IPs and passwords

Connects to each device, takes and backup and uploads to FTP

Once complete, uploads a log file indicating which backups were successful, and more importantly, which failed.

I hear your cries. Just configure central for backups, or connect to each box and configure FTP/email etc. Yes, that is what we're doing, but the big banboozle is, it's not easy to see which have failed to backup, or have stopped working for whatever reason. Would be lovely to check a log file each day for 100+ firewalls and see which have failed to backup for whatever reason and then rectify.

Grin

You could call it, the Sophos XG Backup Manager Rofl



This thread was automatically locked due to age.
  • 0

    This is an excellent idea and I'm starting a similar initiative for my internal Sophos fleet. Currently have python code utilizing netmiko library to get to the prompt via SSH. from there, possibilities are endless. I'm able to grab output of interfaces and build a python data structure from it, so then we can send to Slack or some database that Grafana can pull from

  • 0 in reply to Vlad Bekker

    love it, would love to see the finished product if your comfortable putting it on github Heart

    ------------------------------------------------

    worlds number one free ICMP monitoring platform: https://pinescore.com

  • 0 in reply to Ryan Partington

    I am still think, this is a bad idea. From a security perspective, you will poke plenty of holes in your security concept. Backups will be stored on a FTP, using which kind of upload? Who is responsible for the data store of this data? 

    I am still unsure about the "Which backup fails" as i could not spot a customer or partner complaining about a Backup "not working". This seems to me to be a robust feature in the first place. As you could use the FTP Backup mechanism on the firewall itself, there should be no need to script this on the CLI. Automatic login to firewalls, doing things seems to me to be a bad practice in the first place, if there is a actual same process on the firewall. You could monitor the FTP Storage and simply alert, if there is a missing backup.

    But i am simply pointing out, this could be potentially be an problem. (Having a SSH Key laying around to all customers with full access). 

    __________________________________________________________________________________________________________________

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?