
Compare firewall backups

My SG UTM firewall takes automated backups once per week. I need to roll back to a previous version but I don't know what changes will be lost. Is there a tool or some quick way to compare the rules in 2 firewall backup files, so that I can see what's different?

Or, is there a way to export all of the firewall rules to a non-binary file (maybe an xml or csv)? I can export what I have now, then restore the backup from a few weeks ago and then export that one, and then compare them.

Thanks.



  • That would be comfortable; maybe someone else knows about such a method. Another one could be to export your configuration as printable, restore your backup and export a printable configuration again. Compare these printable configurations. You find these under Support in the menu. Best regards, Alex

  • I run UTM virtualized. I had in mind to install a 2nd instance with just a local LAN port defined. I don't recall if the installer will install with just one interface. If it doesn't, I can make a second virtual interface that goes nowhere (for WAN). That way the objects are available for viewing in their native place.

    The idea above needs further investigation. Is it possible to generate an XML file with all the settings?

    Note, file generated above includes passwords too.

  • I did follow Alex's idea and if you go to Support > Printable Configuration, you can generate a report that can be viewed in WebAdmin format or confd format. I just realized that these are actually XML files. So tonight I'll restore my backup, generate this XML file and then compare it to the one I currently have. Hopefully it will be that easy.

    Running UTM virtualized sounds like a great idea for a lab environment! I did not realize you could do that. Did you create the VM from an appliance or did you start out with a VM? And do you build it as a Linux VM and then install the latest ISO for UTM, or does Sophos already offer it as a pre-built VM? (Wondering how I could do this).

  • What is the difference between these two (WebAdmin vs confd formats)?

    As these are XML files, perhaps use Notepad++'s compare function to locate the differences, or some other XML parser?

    Sophos has an appliance ISO one could install from. That's what I used when I installed the UTM instance directly into a VM. So started out as a VM. No Linux installation needed, the ISO installs the full OS. No prebuilt VM appliances unfortunately. I suppose that's better from a security standpoint.

    I recently started over. Previous install was over a year old and getting sluggish. Used the ISO to install into the same VM, formatting the drive as part of it. Once fully installed, restored a backup file. Other than having to change some interface/NIC assignments, everything was just as before and faster.

    You can also play around with it under VMware Workstation. Production use is under ESXi.

  • Awesome. Thanks for the info. 

    Looks like the only difference between the WebAdmin format and the confd format is just the format of the XML. Unfortunately, it does not look like either one includes ALL the data. In other words, it will create a nicely structured XML file and this file could contain well over 150,000 lines. But within the config there are hundreds (if not thousands?) of links to other config pages.

    I found a post on this community page with some tips on how to export a complete configuration page (https://community.sophos.com/products/unified-threat-management/f/general-discussion/22706/howto-export-complete-printable-configuration) - haven't tried it yet but it looks tedious.

    Having a VM clone of my UTM appliance would be excellent. I could just restore my old backup to the VM and then put both web interfaces side by side on my screen and compare the rules.
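
The comparison discussed in this thread (two Printable Configuration XML exports, one from the current system and one from a restored backup) can be done structurally rather than line by line. The following is an added example, not code from any poster or from Sophos: the element names and the `SENSITIVE` field list are assumptions, the sample XML is constructed, and credential values are masked because, as noted above, the export includes passwords.

```python
import xml.etree.ElementTree as ET

# Constructed samples: element names are assumptions, not the real UTM export schema.
OLD_XML = """<config><packetfilter>
  <rule name="Allow DNS"><service>DNS</service><action>accept</action></rule>
  <rule name="Allow Web"><service>HTTP</service><action>accept</action></rule>
</packetfilter><users><user name="admin"><password>hash-A</password></user></users></config>"""
NEW_XML = """<config><packetfilter>
  <rule name="Allow Web"><service>HTTPS</service><action>accept</action></rule>
  <rule name="Allow DNS"><service>DNS</service><action>accept</action></rule>
  <rule name="Allow SSH"><service>SSH</service><action>accept</action></rule>
</packetfilter><users><user name="admin"><password>hash-B</password></user></users></config>"""

SENSITIVE = ("password", "secret", "psk")  # assumed names of credential fields

def _walk(elem, path, out):
    children = list(elem)
    if not children:  # leaf element: record its text under the full path
        out[path] = (elem.text or "").strip()
    seen = {}
    for child in children:
        # Key siblings by their name attribute so reordering is not reported as a change.
        label = child.tag
        if "name" in child.attrib:
            label += "[" + child.attrib["name"] + "]"
        seen[label] = seen.get(label, 0) + 1
        if seen[label] > 1:  # duplicate labels fall back to their position
            label += "#%d" % seen[label]
        _walk(child, path + "/" + label, out)

def flatten(xml_text):
    """Turn an XML document into a {path: leaf text} dictionary."""
    root = ET.fromstring(xml_text)
    out = {}
    _walk(root, "/" + root.tag, out)
    return out

def diff_configs(old_xml, new_xml):
    """Return (status, path, old, new) tuples; credential values are masked."""
    old, new = flatten(old_xml), flatten(new_xml)
    changes = []
    for path in sorted(old.keys() | new.keys()):
        a, b = old.get(path), new.get(path)
        if a == b:
            continue
        status = "added" if a is None else "removed" if b is None else "changed"
        if any(s in path.rsplit("/", 1)[-1].lower() for s in SENSITIVE):
            a, b = (v if v is None else "<redacted>" for v in (a, b))
        changes.append((status, path, a, b))
    return changes

if __name__ == "__main__":
    for change in diff_configs(OLD_XML, NEW_XML):
        print(*change, sep="\t")
```

With the backup as the first argument and the current export as the second, every "added" or "changed" entry is something a rollback would discard.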