I want the backup of the hosts to be done separately, in that way I could restore that backup also separately, in case of a problem, for example if I need to install a second UTM with all configurations different from the first one (Network, Firewall, NAT and so on), and want to restore the same hosts to it, this function would be useful. But for now it is for backup purposes, as we have already experienced cases of losing host records on the UTM after upgrades. Some solutions already have this option, like PfSense Firewall.
"if I need to install a second UTM with all configurations different from the first one (Network, Firewall, NAT and so on), and want to restore the same hosts to it"
you might want to consider the free UTM Manager package, Antonio. You could configure only network objects (Networks, Hosts, DNS Hosts, DNS Groups, etc.) on it. Then, simply configure the UTM to use the configurations from the UTM Manager. For future additions, if you want an object to appear in every UTM attached o the UTM Manager, add the object to the Manager. If it should be unique to one device, configure on that device.
"we have already experienced cases of losing host records on the UTM after upgrades"
I've not seen this particular issue, but there has always been a danger of an Up2Date "breaking" a configuration. My guess is that in fewer than 1 in 1000 installations, the Up2Date process runs into a particular combination that causes a problem. Most of the time, just restoring the backup made automatically before the Up2Dates were applied will fix any issues.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
What is the purpose of being able to backup and restore hosts, Antonio?
Cheers - Bob
I have also wished for this because after many attempts to figure out significant issues with my UTM (configuration, reinstallation, replacing hardware, etc.), I would like to be able to rule out the possibility of my rules causing the problem. However, it's all or nothing, with a lot of time invested in defining networks, it would be more palatable to only re-create the security rules without needing to manually re-enter all of the host definitions (since this requires MAC knowledge for static leasing).
If we could selectively restore portions of a backup, that would probably be just as well (for my own purposes).
I recently went through something where a selective restore might of been helpful.
Downgraded from 9.510-4 to 9.509-3. Unfortunately a number of changes were made after installing the upgrade.
The downgrade process involved running both side by side then manually recreating the changes to the older from the newer version. It was a time consuming process with lots of alt-tabbing between browser tabs.
I can see how a selective restore process can be complicated. Nearly all elements of other modules rely on base network/service definitions. I suppose if a firewall rule was restored then its associated objects would also be restored/overwritten if they didn't/did exist.
