
Rebuild UTM - confirm steps

Am newbie with Sophos UTM Home Edition (9.7) that spent 2-3 weeks fighting through intermittent problems setting up the unit because, it turns out, I have bad RAM. Have fixed that and things have stabilized in general. I'm still having a few problems that may well be rookie issues, but I also wonder if there might have been permanent corruption, so am thinking of taking a backup, reinstalling, then restoring the backup.

A couple of questions:

1. Is it fair/accurate to think there's been some hidden corruption from past bad RAM? 

2. Will the following process work for this:

i) use webadmin to do factory reset

ii) take a USB drive and "write the backup file to the root of a USB stick and rename it to 'restore.abf'. Plug the USB pen drive into the UTM and reboot it to automatically restore the config to the UTM." (taken from this support page)

Or am I better for step i) to do a reinstall from original boot CD I created instead? (will the unit boot from CD first automatically?)

3. Anything missing?

4. Will this remove any corruption?

Any info would be appreciated



  • It has been my experience from more than one occasion to just start from scratch if you have something catastrophic enough to warrant a wipe of a UTM.  In your case however, you just had bad hardware.  Linux/Unix flavors tend to manage memory a lot better than any Microsoft product, so I think that your restore from a backup wouldn't be hindering at all.

    I would really go with the simple steps first, going through a factory reset and restoring from a backup that you know to be good.  Make sure that your versioning is the same.  Path of least resistance.  ;)

    You can restore from backup at your desk.  Once you upload and apply the restore, it will most likely boot you out of your browser session and have you log back into the UTM with those credentials that were good at the time the backup was taken (from your restore).  This process is literally a small amount of time to perform, and negligible really in time tracking.   

    It really is one of the more painless processes to go through with Sophos.  It will take you about an hour to reload a UTM from scratch, whereas factory reset is literally just a few minutes.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thanks. So if bad RAM is not considered catastrophic, what is? How likely is this to help or do anything for me, besides clean up dumps and remnants of past problems? The data disk had filled up to 40% of about 40GB.

    Currently I have the first three ports (eth0,1,2) bridged for LAN and eth3 is WAN port. Does factory reset mean only eth0 will be available after the restart from which to login to do the restore? 

    Thanks again

  • For me, a catastrophe was when, even after fixing the issue, the UTM would not boot up, wipe it, it returned with a reboot of the UTM, like in 9.6, and again for me in 9.7 (which was a NIC driver incompatibility with UTM that's been a problem for years).  It would be to the point where functionality of the device is severely hindered or just not working correctly/at all.

    If you feel you need to clean up, the factory reset is the way to go.  It will clear out:

    • System configuration
    • Web Filter cache
    • Logs and reporting data
    • Databases
    • Update packages
    • Licenses
    • Passwords
    • High availability status

    Factory reset will be just like when you got the system loaded and were in the UTM for the first time, and it will shut down.  It should be the original configuration as you set it up when you filled in the information when loading from CD/USB the first time, so your ports would be back to that original config.  Once you do restore from your backup.abf file, your configuration will reload the UTM with your set up information and how you had your setup, but things that you edit with SSH may not be part of that backup, like any special SSH commands you ran to modify the UTM (if it even applies, most likely not).

  • I like Amodin's suggestions, Jean.  Please let us know what you had to do to get it working again.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Did the factory reset and restore, and it looks as I had it before (minus any history, of course), but I can't log in using webadmin through IPSec VPN, which I need before I can put the thing back in prod. Would a factory reset cause that? The VPN is up, although I did have to fiddle with it initially, basically turn VPN off/on, reboot, but didn't make any config changes, so it's a bit strange because it was working fine before reset...

  • Yes, when you do a factory reset and boot up the device, it's going to be like you've never done anything with it before except load it.  So, it's back to square one until you restore the backup.  You might have to check the monitor screen on the device to see the IP address assigned to it.

  • I just went through this myself a few weeks ago.  I didn't have any issue or corruption with the old system. I had allocated too much space 3 years ago and was now moving all my VMs to an SSD so needed to consolidate.  Turns out 250GB is way too much. 35GB is plenty.

    This is the partition sizing on the new system

    Several key items needed to be saved.

    1) Logs for the past year
    2) Reporting database
    3) Config file backups (all of them if possible)
    4) Wpasupplicant data (required for att fiber gateway bypass)

    1) Log archives were saved then restored using tar command in the old/new installations.

    2) See the post by @DavidRocha in this thread: "Hi all, is there a way to migrate all the logs and reportings from an old appliance to a new one? Thanks for your help. Cheers, Fred". There are a few steps omitted, but if one has some basic knowledge, the provided info lays a good groundwork for the process.

    3) See this post (in UTM Firewall > General Discussion): "Hi People, I need to find where are the backup files automatically generated by Astaro in the filesystem. Where the backup files are stored ? I logged in Astaro by ssh and tried to search "find…". Similar to #1, I did a tar on the old then extracted to the new. More information about backups here -   .

    4) Tar again.  I simply backed up the entire folder containing scripts and certs, then restored on the new.  Given this is triggered by a cronjob at /etc/crontab-static I had to duplicate it on the new system.  *** this is not part of a normal config, only for those doing a gateway bypass on att/fiber configurations (  ).

    Depending on how complicated the previous config was, I'd probably start over from scratch entirely. There's no telling what got corrupted in the configuration which was then carried over to the config file. I have mine set to generate and email a config backup file weekly. Now that there's a NAS involved, I will set up some sort of cron job (with commands from #3) to create one daily on the NAS.  It's cheap insurance for when trouble strikes.
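
The tar-based migration described in the post above, with an integrity check added so that an archive damaged in transit or by faulty hardware is caught before it is extracted on the new system. This is an added example, not code from the thread; the directory and archive paths are caller-supplied placeholders, not actual UTM locations.

```shell
#!/bin/sh
# Added example (not from the thread): archive a directory with tar, record a
# SHA-256 digest beside the archive, and refuse to extract on the new system
# unless the digest still matches. All paths are hypothetical placeholders.

# archive_with_digest SRC_DIR ARCHIVE
# Writes ARCHIVE (gzip tar of SRC_DIR's contents) and ARCHIVE.sha256.
# ARCHIVE must live outside SRC_DIR so it does not end up inside itself.
archive_with_digest() {
    src=$1; archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    tar -czf "$archive" -C "$src" . || return 1
    # Record only the file name so the pair can be checked from whatever
    # directory it is copied to (USB stick, NAS share, new install).
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
}

# verify_and_extract ARCHIVE DEST_DIR
# Returns 2 if the digest file is missing, 3 on digest mismatch,
# 4 if the archive cannot be read end to end; extracts only when all pass.
verify_and_extract() {
    archive=$1; dest=$2
    dir=$(dirname "$archive"); name=$(basename "$archive")
    [ -f "$dir/$name.sha256" ] || { echo "missing digest for $name" >&2; return 2; }
    ( cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ) ||
        { echo "digest mismatch: $name" >&2; return 3; }
    # Listing forces a full read and decompress before anything is written.
    tar -tzf "$archive" >/dev/null || return 4
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}
```

The digest only shows that the archive is unchanged since it was created; data that was already damaged on the old system before archiving will pass the check.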

  • OK, as suggested I went for the full re-install and right off the bat it's a world of difference. I have little doubt some of the initial config got mucked up and it simply got worse from there. In fact I didn't think anything this mature could be this hard with functionality that was so buggy or not as advertised.

    It hasn't been long but I think I'll be much better off from here. Thanks for your replies.

  • Jay, I already backed up the entire folder containing scripts, certs and employee monitoring software reports