Introduction
The Forum Sentry API Security gateway (all form factors) provides multiple mechanism for automatically backing up the configuration file (.FSX file).
An automated backup routine ensures that there is always a current configuration backed up for safe keeping. The automated backup process can utilize FTP, SFTP, Amazon S3, or to a database. It is also possible to export and retrieve the FSX via API call utilizing the Sentry REST API.
The backup process changed with Sentry v8.11, please follow the instructions below for your specific version of Sentry.
Automated Backup Configuration in v8.11 and Later Releases
With Sentry version 8.11 there are new Backup Policies which are built separately and the used for backing up the configuration or compressed logs.
1. Create the Backup Policy using your preferred type on the Resource --> Backup Policies page
2. Navigate to the System --> Configuration --> Backup page and select the Backup Policy built in step 1.
Automated Backup Configuration in Older Sentry Releases
The backup routine can be enabled via the WebAdmin or CLI in Sentry.
OPTION 1. WebAdmin (browser)
1. Navigate to the System --> Configuration --> Backup screen.
2. In the Destination drop-down select the backup mode and configure each appropriately. The set of options will change to suit the mode chosen.
- Database - The "Configuration Database" set on the System --> Settings --> System screen is used
- FTP - Enter the FTP site information
- SFTP - Enter the SFTP site information
3. Click Test to verify the settings entered. This will export a configuration file (.fsx) and attempt to backup the full configuration using the backup mode chosen.
4. If the test succeeds, ensure the Enabled option is checked and click save to enable the daily backup routine.
If the test fails, check the Audit and System logs at DEBUG level for more information.
Figure 1: The backup page in the Sentry WebAdmin interface.
OPTION 2. ForumOS CLI (SSH or Serial Console)
1. Access the Forum CLI via SSH or Serial Console. Enter enable mode, so that the ForumOS# prompt is displayed.
2. Run the "system config backup-wizard" command to configure the routine. Depending on the backup mode chosen, there will be different options to enter.
3. Run the "system config backup-test" command to test the settings entered during the wizard. This will export a configuration file (.fsx) and attempt to backup.
the full configuration using the backup mode chosen.
4. If the test succeeds, run the "system config backup-enable" command to enable the daily backup routine.
Export Configuration via REST API
Follow the steps below to export the configuration (FSX file) via an API call into Sentry.
1. Enable the Sentry REST API by following the instructions listed in the article linked below.
How to: Use the Sentry REST API for Policy Configuration and Management
2. Invoke the API operation "export" where you can specify the password (for importing) and optionally an Agent to apply override values during the export.
Figure 2: The Sentry REST API swagger definition for the export operation.
Restoring Exported Configurations
Follow the instructions below to import (restore) a saved configuration.
1. Navigate to the System --> Configuration -->Import screen of the WebAdmin interface.
2. Browse to the FSX file either on disk or in the Configuration Database.
3. Enter the password for the FSX file (specified when exporting).
Figure 3: The Import page of the Sentry WebAdmin interface.
0 Comments