Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 29 subscribers
  • Views 30542 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[BUGs] Import/Export & Backup/Restore

vilic

Just wanted to share my experience on migration from Beta trial license (which expired yesterday) to the new NFR license (or home in someone else case).
Device used was my office UTM120 hardware appliance using software XG version. Just in case, I saved both Export config and Backup files before re-imaging.

Conclusions:
1. Export/Import procedure doesn't work, ended with error message. Tried it multiple times.
2. Backup/Restore worked with this limitations noticed so far:
- admin password was not restored, I had to login with the default one.
- DDNS with Sophos broked with message "DDNS update for host ***.myfirewall.co was Failed". Surprisingly, serial number was not reverted, so I was able to register this device as new on MySophos portal. I had to change DDNS name to something else.
3. It looks like that device serial number and appropriate license keys are not included in Backup file. Imagine that surprise in production environment where you would expect that re-imaging and backup/restore procedure could be finished in 15 minutes...;)



This thread was automatically locked due to age.
  • 0
    Its surprising to see the basic functionalities that made it past QA in this initial release. Also interesting is the fact that due to limited engagement by sophos, the quality of beta testing suffered too. I created multiple vms during beta but the configuration was such a mess that I never tried to import any of my configs.
  • 0
    Vilic,
    I had to move from beta to home license 3 days ago and I can confirm that Admin password is not kept (default one).
    I am not able to test DDns.
    In my XG installation import/export works with no issue.
    I lost all reports and what I would like to export is reports too.
    I agree with you that they need to improve backup/restore procedure. Maybe restore should be possible without activation/synch or later from XG web IF.
    Configuration should be encrypted with password otherwise Who has access to bck file can restore your XG and access your configuration.

    A lot of work.

    Luk
  • 0 in reply to lferrara

    Did you do a full export /  full import? I am trying to use the export / import to move some configuration items between 2 installs and while export works as I would expect, import always fails with the not so useful message of "Invalid file passed."

  • 0 in reply to GaryChancellor

    After some (a lot) of trial and error, I managed to create an export set of configurations and then import them again between 2 installs. Here are the undocumented requirements:

    1) the file you choose for import must be a tar file even if there is only the 1 Entities.xml file in it.

    2) the file inside the tar file has to be called Entities.xml

    3) the tar file has to be created within the local directory reference (i.e. tar cvf somefilename.tar ./Entities.xml)

    4) beware of Mac OSX tar - it can add special file entries, other platforms dont understand

    5) Of course, any edits you make to the xml are dangerous and may have undesirable results

    6) Beware of dependencies, the export includes them, you will need them too if it is required in the object hierarchy

    I take back half the bad things I said about XG today....

  • 0 in reply to GaryChancellor

    Gary,

    nice thread and testing. Good job! Sophos should provide more documentation on "how to export/import configuration file". A deep guide is needed.

    Thank you for your contribution!

  • 0

    Some additional notes from my re-image exercise (this is actually in response to a support ticket related to the built in wifi services not working on a 135W):

    What doesn't work via import:

    Clientless Groups - they just won't import
    WebFilter Policies - it imports the policy but none of the associated web filter category settings (Beware - you will have a policy, but it wont do anything).

    Export issues:
    Security Policies - since export doesn't include the details for users/groups, the import doesn't repopulate them either

  • 0 in reply to GaryChancellor

    Hi,

    I would like to share some additional info in export/import operation.

    If you want to import SecurityPolicy you have to pay attention to <services> section.

    Beware of services dependencies, cause the system can't import service with name starting with "#"

    This worked for me:

    - export Services

    - edit Entities.xml (you have to remove # from name)

    - pack TAR and import

    - export SecurityPolicy

    - edit Entities.xml (you have to remove # from <Service># to <Service>)

    - pack TAR and import