2.4. Backup and Restore

Home Prev	cOS Stream 4.00.03 Administration Guide	Next

The administrator has the ability to take a snapshot of a Clavister NetShield Firewall system at a given point in time and restore it if necessary. Backups can be one of the following two types:

Configuration Backup

This is a backup of the entire current configuration but does not include a copy of the system software itself. This backup is the default type. Restoring this backup will only restore the original configuration.
System Backup

This is a backup of the current configuration and includes a copy of the system software itself. This requires using the -system option when creating the backup. When the backup is restored, the current software version will be replaced by the version in the backup.

Creating a Backup

Backups are created in two steps:

Step 1:

A backup is first created as a single file in local volatile memory. A configuration only backup is created with the following CLI command:
```
System:/> backup -create
```
Alternatively, a full system backup consisting of the current configuration as well as the current software version is created with the command:
```
System:/> backup -create -system
```
The file created will be placed in the root folder and it will have the default name config-YYYYMMDD.bkp where YYYYMMDD indicates the current date.

If a specific filename is desired for the backup file then the command form is:
```
System:/> backup -create <filename>
```
Step 2:

Once created, backup files are transferred to an external computer by downloading the files from the Clavister NetShield Firewall using SCP (Secure Copy). As stated above, all backup files are saved in the root folder.

It is important to note which Clavister NetShield Firewall hardware the backup file came from so that it can be restored to a processor that has the same logical interface names.

SCP usage is described further in Section 2.1.6, Secure Copy.

	Note: Backup files are temporary
	Any backup files created are not held in permanent memory and will disappear after system restarts.

Restoring a Backup

Restoring a backup is also a two step process:

Step 1:

Use SCP to upload the backup file to the root folder of the target Clavister NetShield Firewall. For example:
```
> scp config.bkp admin1@10.5.62.11:.
```
SCP usage is described further in Section 2.1.6, Secure Copy.
Step 2:

To make the uploaded configuration the current configuration, the following CLI command is used:
```
System:/> backup -restore <filename>
```
Where <filename> is the name of the file in cOS Stream's root folder.

To list all the backup files, use the CLI command:
```
System:/> backup -list
```
When a restore begins, the selected file is validated before it replaces the current configuration. For the new configuration to become active, the CLI commands Activate followed by Commit are required after the restore is complete.

	Caution: Do not perform a restore with live traffic
	A restore operation should not be attempted with live traffic flowing through the firewall. Any traffic flows will be disrupted.

Reverting to a Backup

After performing a restore operation, cOS Stream retains a copy of the original configuration (that is to say, the configuration that the restore replaced). This copy can be reactivated at any time with the CLI command:

System:/> backup -revert

A revert operation always uses the configuration in effect previous to the last restore if there was one. If no restore has been performed, a revert operation will have no effect.

Restoring to a Dissimilar Processor

It is important to restore a backup to a configuration which has the same interface names as the original hardware from which the backup was taken. The reason for this is that the backup may refer to logical interface names that do not exist on the new hardware.

Interface ID Collisions

Every interface in a backup file has a unique ID assigned to it which is based on the ordering of the interface in the system. In some unusual circumstances, the IDs of the interfaces in a backup might not agree with the IDs of the physical system. This might occur if an interface was deleted from a configuration and then later added back in.

When such a mismatched backup is restored, the restore will fail with a message that includes the line:

In VLAN vl: Interface ID change of 'vl'(nnnn->mmmm) is not supported.

Where nnnn and mmmm are the conflicting IDs. To force the restore so these ID mismatches are ignored, use the command:

System:/> backup -restore <filename>.pkg -reboot

This forces the system to reboot and then use the backup file.

Resetting to Factory Defaults

A special case of backup command usage exists for restoring the current configuration to the original factory default configuration:

System:/> backup -factoryreset

The following points should be noted about this operation:

Since the default configuration will be restored, this should only be done via an SSH client which is connected to the default management interface using the default management IP address or from a console which is connected to the firewall's local console interface. Otherwise, connection to the CLI will be lost after the command is issued.
The current configuration will be lost after a reset and cannot be recovered. For this reason, this operation should be used with caution.

To remind the administrator that the command is irreversible, a prompt appears to ask if cOS Stream should proceed:
```
System:/> backup -factoryreset
This will reset the current configuration to factory default
and reboot the system.
This change is not reversible.
Are you sure you want to continue? [yes/no]: yes
Resetting configuration to factory default...
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Reset configuration to factory default successfully.
The system is going down NOW!
```
In CLI scripts, the -force option must be used to ignore any prompts since a script cannot respond to a prompt.

If both the configuration and the current version of the software are to be restored to the factory defaults, the CLI command becomes:

System:/> backup -factoryreset -system

This will similarly reboot the system once the reset process has completed. All upgrades of cOS Stream performed since hardware delivery will be lost as well as the current configuration.

Factory Resets on Clavister Hardware Products

Where cOS Stream is running on a Clavister hardware product, it is possible to reset to factory defaults by keeping a switch on the hardware appliance depressed for a given length of time. This procedure is fully explaining in the factory reset section in the Getting Started Guide for the relevant hardware guide.

An additional way to perform a factory reset on Clavister hardware products is to use the hardware's boot menu. This menu is entering by repeatedly pressing the Esc key at the local console as the hardware powers up. This menu is explained further in a dedicated section of the Getting Started Guide for the relevant hardware product.