This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restore to different XG using API - results

Hi folks,

yesterday I decided to see if what I suggested in another thread would work and that is to use the API export/import function for a restore.

First fail was you still need to use the XG backup security key if you wish to performa full restore.

Next the file was accepted by my home XG and the restore process started.

For some reason that does not show in the logs the system diagnostics report no activity for about 5 hours until I logged in this morning. The CPU does show no usage and is active. Strange. The restored XG is connected the the internet through the XG115w.

Next I checked the various items that should have been changed

1/. clientless users, not updated

2/. anti-spam failed to start, a manual restart was required.

3/. one interface is incorrectly labelled as WAN and as a result the DHCP server for that interface was not restored. This could be caused by the interface order being different on the XG115W to the order on the home machine.

4/. I tried a restart of the XG to see if that would fix the missing items, fail.

5/. after the restart the proxy service will not start, tried a number of times.

6/. DDNS update now has two entries, one for the old name and one for the restored name, the old name for the home machine still registers and not surprising the restored name does not because it would be a duplicate entry in the DDNS application server. Also the restored name does not get assigned an IP address on the restored XG.

I have not checked all the rules because of the missing interface.

Ian

Ian



This thread was automatically locked due to age.
  • I also receive the daily reports which are specific to the home XG hardware.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Check the apiparser.log if the import canceled for some reason. 

    __________________________________________________________________________________________________________________

  • Thank you for the pointer. The file was corrupt, so I started the process again.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi folks,

    a fresh start of the api process completed successfully according to the logviewer - admin.

    Issues 

    1/. two  entries in the DDNS update table, one of 5th gold name and one for  the new name

    2/. Network - DNS only shows an entry for th old name, the new (migrated) name has not been added.

    3/. I now have somewhere over 70 firewall rules, migrated should have been 47.

    4/. firewall rule order is strange

    5/. I now have 50 clientless user, the migrated file only has 44.

    6/. the apiparser.log file is compressed so not easily reviewed.

    Summary, the migrated version is better than having to build from scratch, but does require a significant review before putting online.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Just to be sure: API Import/Export will add only content. So it will add to the currently available config additional config with the entities.xml. 

    __________________________________________________________________________________________________________________

  • Thank you. So a fresh clean install is best to use the API restore feature?

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Depends on the use case. So in general: API Import/export does the same like you would do on the webadmin. It will click and create/update objects. 
    Backup/Restore will replace the configuration. 
    Those are in general different use cases. 

    __________________________________________________________________________________________________________________

  • One use case would be to move a configuration from an XGxxxW to and none XGxxx version preferably with the same number of interfaces.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • A fun day was had trying to install a fresh version of v19.5 EAP on my backup home machine. a disk failure caused lots of grief after performing a bios update.

    Sorted out the issue, replaced the disk on a different interface.

    What use is this experiment, well you can build a new back machine with al the basic Sophos default values which I had deleted previously and then add most of your current configuration which would not be good in a backup/restore situation because the items would be removed..

    Outstanding issues

    1/, https proxy is still dead, will not restart either manually or with a rebooted system

    2/. the Sophos assistant has returned and I cannot remember how to stop it.

    Wish I had a production machine as fast as my backup machine.

    Summary, except for the proxy all seems to be working well. Next challenge is to register it in CM again.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • You will also need to regenerate you XG CA.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.