
UTM backups

Where can you see the location a UTM backup is being written to? Can it be written to, say, a Windows file share? Albeit I am new to UTM, if it's writing it to the local data drive, then that surely poses a big risk, as if that failed you'd lose the live system and the backup? Is there a default location for the UTM backup, and is that default local to the firewall data drive?



This thread was automatically locked due to age.
  • You can't automatically write the backups to another location. You may download them manually, or you could use the email setting to get a backup. (You should use TLS and set a password!)
  • This is not correct. You can automate the backups to an alternate location. Surprising the Sophos staff doesn't know this. If you can manage to mount Samba shares on the UTM device, then you can export to a Windows share... but I don't know of a way to do this and doubt it's possible given the UTM is a hardened host. So I recommend exporting to a Linux box. If that's not possible, then install VirtualBox on Windows and run a virtual Linux box instead.

    I just tested exporting the cfg automated backups from /var/confd/var/storage/snapshots on the UTM9 firewall. 

    I scp'd the cfg file from the firewall WITHOUT manually downloading the file from the web gui as recommended. 

    I created a VM using the software appliance ISO available from the UTM downloads page.

    After install, I ran through the default setup and connected to the new firewall using the web admin GUI running on the VM. I renamed the SCP'd/exported file and added the .abf extension (the GUI requires this extension).

    I then uploaded the .abf file to the web gui, and initiated a restore. 

    Because the MAC addresses were all different compared to the real UTM box, my management interface changed and thus the management address changed, so I had to update my VM network connection. But after that I was able to log in to the restored web GUI using the production password stored in my backup file. I checked around the web GUI and all my network interfaces and all other settings were as expected.

     

    So to automate this I have my automatic UTM backups set for daily snapshots. I set up SSH keys so the UTM firewall can ssh out to the nearby Linux backup host without a password and added a firewall rule to allow the traffic. I added a script in /root to rsync all the cfg files found in /var/confd/var/storage/snapshots to the Linux backup host and updated crontab to run the script every day. The rsync command preserves file attributes, including date/time stamps, so all the files still show their associated backup dates. The script also clears out files older than xx days so it won't save too many snapshots.

    Granted, I can't guarantee this will work as I have not tested this on a real network yet since my UTM is not in need of a restore. Also, it may have worked now, but Sophos could change the cfg file structure in a future update that breaks this option...anything is possible.

    I only tested what I could on a virtualbox setup that has no internet connectivity.  But given the above results, I am more confident my exported backups will accomplish the same as a manually downloaded backup. 

    Hopefully this will help someone else in the future.  Good luck. :)
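
The automation described in the reply above, sketched as an added example; it is not the poster's script and not Sophos code. The backup host name, SSH key path, target directory, 30-day retention value, the function names, and the choice to run the prune step on the backup host are all assumptions.

```bash
#!/bin/bash
# Added example: push UTM config snapshots to a backup host and prune old copies.
# Host, key path, target directory and retention value are assumptions.
set -u
umask 077   # snapshots hold the admin credentials: keep new files owner-only

SNAP_DIR="${SNAP_DIR:-/var/confd/var/storage/snapshots}"      # path from the post
DEST="${DEST:-backup@backuphost.example:/srv/utm-snapshots}"  # assumed target
SSH_KEY="${SSH_KEY:-/root/.ssh/utm_backup_key}"               # assumed dedicated key
RETAIN_DAYS="${RETAIN_DAYS:-30}"                              # assumed value for "xx days"

# Copy every snapshot, keeping timestamps (-a) and stripping group/other access.
push_snapshots() {   # usage: push_snapshots SRC_DIR DEST [remote-shell command]
    src=$1; dest=$2
    if [ -n "${3:-}" ]; then
        rsync -a --chmod=go-rwx -e "$3" "$src"/ "$dest"/
    else
        rsync -a --chmod=go-rwx "$src"/ "$dest"/
    fi
}

# Delete regular files older than DAYS from a directory dedicated to snapshots.
prune_old() {        # usage: prune_old DIR DAYS
    dir=$1; days=$2
    case $days in ''|*[!0-9]*) echo "bad retention: $days" >&2; return 2;; esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" -maxdepth 1 -type f -mtime +"$days" -exec rm -f {} +
}

case "${1:-}" in
    push)   # daily cron job on the UTM
        push_snapshots "$SNAP_DIR" "$DEST" \
            "ssh -i $SSH_KEY -o BatchMode=yes -o StrictHostKeyChecking=yes" ;;
    prune)  # cron job on the backup host; $2 is the local archive directory
        prune_old "${2:?archive directory}" "$RETAIN_DAYS" ;;
esac
```

Since the restore test in the post showed the snapshot carries the production password, the archive directory on the backup host should be readable only by the account that receives the files.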
