Sophos Firewall, Sophos UTM, Cyberoam: Backup-restore compatibility check
Zitat von mpca am 12. Mai 2021, 20:28 Uhrhttps://support.sophos.com/support/s/article/KB-000036245?language=en_US
Overview
This knowledge base article helps you do a quick XG, XGS Firewall, UTM, and Cyberoam backup-restore appliance compatibility check.
The following sections are covered:
- Backup and restore compatibility
- Condition to restore the backup
- Important notes
- FAQ
- Additional backup and restore compatibility check
- Appliance model verification
Applies to the following Sophos products and versions
Sophos XG/XGS Firewall
Sophos UTM
CyberoamBackup and restore compatibility
You can restore backups from and to the following:
Backup from Restore to Supported XG running SFOS XGS Yes*# XG running SFOS XG Yes*# XGS running SFOS XGS Yes*# Cyberoam running SFOS XGS Yes*# Cyberoam running SFOS XG Yes*# Cyberoam running CROS XGS Yes*# Cyberoam running CROS XG Yes*# SG running SFOS XGS Yes*# SG running SFOS XG Yes*# *: If it satisfies the version compatibility -- Please refer to ‘Upgrade information’ in the release note for backup restore version Sophos release notes.
#: If it satisfies the condition mentioned in the table below.Condition to restore the backup
Restore to ▶ XG/XGS-on-SFOS appliance without Flexi module option (below XG210/XGS2100) XG/XGS-on-SFOS appliance with Flexi module option (XG210/XGS2100 and onwards) Virtual SFOS appliance Backup from ▼ XG/XGS/SG-on-SFOS appliance without Flexi module option (below XG210/XGS2100) Yes but (If the number of interface criteria is satisfied) Yes (No restriction; not even number of interface condition) Yes but (If the number of interface criteria is satisfied) XG/XGS/SG-on-SFOS appliance with Flexi module option (XG210/XGS2100 and onwards) No Yes (No restriction; not even number of interface condition) No Virtual SFOS appliance Yes but (If the number of interface criteria is satisfied) Yes (No restriction; not even number of interface condition) Yes but (If the number of interface criteria is satisfied) Important notes
- You can do a backup-restore from a wireless appliance to a wireless appliance only with the satisfaction of the condition stated in the table above.
- The Management Interface needs to be configured after the restore in case of a cross-model backup and restore. Example: XG550 to XGS500 or XG450 to XG550.
- If backup from a device with a later IPS pattern version is restored to a device with a much earlier IPS version, the restore may fail. Update the IPS version and then restore the backup.
FAQ
I am seeing some interfaces as “Not Available” after restoring XG550 backup to XGS550?
XGS Firewall models that are equivalent to XG Firewall models (example: XG550 and XGS5500) have more ports, and the names and order of the ports differ. So, configuration backups taken on XG Firewall are restored with different port names on XGS Firewall. The configuration itself remains unaffected since the change also updates the port names in your configuration settings for the mapped ports.
XG Firewall ports that aren’t mapped to XGS Firewall ports continue to appear on Network > Interfaces with the original port names. However, these don’t exist on XGS Firewall and appear with the label “Not available”. In future releases, we’ll ensure that these are deleted. They continue to be assigned to the rules and policies based on the restored configuration.
What to do:
- Interfaces: Go to Network > Interfaces and set the Network zone to None to release the IP address assigned to the unmapped ports.
- Rules and policies: You need to update or recreate rules and policies that have unmapped ports.
- Management ports: Management ports on XG Firewall may be mapped to non-management ports on XGS Firewall. After restoring the backup, you may not be able to access the web admin console using the management ports with the previously configured IP addresses. Configure the management ports again to access the web admin console using these ports.
Can I restore a backup of XG to XGS?
You can restore the backup of XG to XGS. Please refer to the table above for conditions to restore the backup.
Can I restore a backup of Cyberoam running SFOS or CROS to XGS?
You can restore a backup of the Cyberoam device to XGS. Please refer to the table above for conditions to restore the backup.
Additional backup and restore compatibility check
To check the compatibility of Sophos XG Firewall, Sophos UTM, and Cyberoam, do the following:
- Refer to the List of appliances for each Series to determine your backup and restore appliance series.
- Refer to the Backup Restore Compatibility Matrix. In the drop-down menu provided, select your backup appliance series from the Backup From field.
- Select your restore appliance series from the Restore To field.
- As soon as you make your selection in step three, a message will appear whether the backup-restore for the chosen appliances are supported.
Appliance model verification
It is recommended to first verify the exact appliance model before doing a compatibility check in order to obtain accurate information.
Verify via GUI
XG/XGS Firewall
The appliance model can be found in the upper-left corner of the Control Center.
UTM
The appliance model can be found on the Dashboard.Cyberoam
For version 10.0X, the appliance model can be found in the upper-left corner of the GUI and also on the Dashboard.For version 10.6X, the appliance model can be found in the upper-left corner of the GUI and also in System > Maintenance > Backup & Restore.
Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.
https://support.sophos.com/support/s/article/KB-000036245?language=en_US
Overview
This knowledge base article helps you do a quick XG, XGS Firewall, UTM, and Cyberoam backup-restore appliance compatibility check.
The following sections are covered:
- Backup and restore compatibility
- Condition to restore the backup
- Important notes
- FAQ
- Additional backup and restore compatibility check
- Appliance model verification
Applies to the following Sophos products and versions
Sophos XG/XGS Firewall
Sophos UTM
Cyberoam
Backup and restore compatibility
You can restore backups from and to the following:
| Backup from | Restore to | Supported |
|---|---|---|
| XG running SFOS | XGS | Yes*# |
| XG running SFOS | XG | Yes*# |
| XGS running SFOS | XGS | Yes*# |
| Cyberoam running SFOS | XGS | Yes*# |
| Cyberoam running SFOS | XG | Yes*# |
| Cyberoam running CROS | XGS | Yes*# |
| Cyberoam running CROS | XG | Yes*# |
| SG running SFOS | XGS | Yes*# |
| SG running SFOS | XG | Yes*# |
*: If it satisfies the version compatibility -- Please refer to ‘Upgrade information’ in the release note for backup restore version Sophos release notes.
#: If it satisfies the condition mentioned in the table below.
Condition to restore the backup
| Restore to ▶ | XG/XGS-on-SFOS appliance without Flexi module option (below XG210/XGS2100) | XG/XGS-on-SFOS appliance with Flexi module option (XG210/XGS2100 and onwards) | Virtual SFOS appliance |
|---|---|---|---|
| Backup from ▼ | |||
| XG/XGS/SG-on-SFOS appliance without Flexi module option (below XG210/XGS2100) | Yes but (If the number of interface criteria is satisfied) | Yes (No restriction; not even number of interface condition) | Yes but (If the number of interface criteria is satisfied) |
| XG/XGS/SG-on-SFOS appliance with Flexi module option (XG210/XGS2100 and onwards) | No | Yes (No restriction; not even number of interface condition) | No |
| Virtual SFOS appliance | Yes but (If the number of interface criteria is satisfied) | Yes (No restriction; not even number of interface condition) | Yes but (If the number of interface criteria is satisfied) |
Important notes
- You can do a backup-restore from a wireless appliance to a wireless appliance only with the satisfaction of the condition stated in the table above.
- The Management Interface needs to be configured after the restore in case of a cross-model backup and restore. Example: XG550 to XGS500 or XG450 to XG550.
- If backup from a device with a later IPS pattern version is restored to a device with a much earlier IPS version, the restore may fail. Update the IPS version and then restore the backup.
FAQ
I am seeing some interfaces as “Not Available” after restoring XG550 backup to XGS550?
XGS Firewall models that are equivalent to XG Firewall models (example: XG550 and XGS5500) have more ports, and the names and order of the ports differ. So, configuration backups taken on XG Firewall are restored with different port names on XGS Firewall. The configuration itself remains unaffected since the change also updates the port names in your configuration settings for the mapped ports.
XG Firewall ports that aren’t mapped to XGS Firewall ports continue to appear on Network > Interfaces with the original port names. However, these don’t exist on XGS Firewall and appear with the label “Not available”. In future releases, we’ll ensure that these are deleted. They continue to be assigned to the rules and policies based on the restored configuration.
What to do:
- Interfaces: Go to Network > Interfaces and set the Network zone to None to release the IP address assigned to the unmapped ports.
- Rules and policies: You need to update or recreate rules and policies that have unmapped ports.
- Management ports: Management ports on XG Firewall may be mapped to non-management ports on XGS Firewall. After restoring the backup, you may not be able to access the web admin console using the management ports with the previously configured IP addresses. Configure the management ports again to access the web admin console using these ports.
Can I restore a backup of XG to XGS?
You can restore the backup of XG to XGS. Please refer to the table above for conditions to restore the backup.
Can I restore a backup of Cyberoam running SFOS or CROS to XGS?
You can restore a backup of the Cyberoam device to XGS. Please refer to the table above for conditions to restore the backup.
Additional backup and restore compatibility check
To check the compatibility of Sophos XG Firewall, Sophos UTM, and Cyberoam, do the following:
- Refer to the List of appliances for each Series to determine your backup and restore appliance series.
- Refer to the Backup Restore Compatibility Matrix. In the drop-down menu provided, select your backup appliance series from the Backup From field.
- Select your restore appliance series from the Restore To field.
- As soon as you make your selection in step three, a message will appear whether the backup-restore for the chosen appliances are supported.
Appliance model verification
It is recommended to first verify the exact appliance model before doing a compatibility check in order to obtain accurate information.
Verify via GUI
XG/XGS Firewall
The appliance model can be found in the upper-left corner of the Control Center.
UTM
The appliance model can be found on the Dashboard.
Cyberoam
For version 10.0X, the appliance model can be found in the upper-left corner of the GUI and also on the Dashboard.
For version 10.6X, the appliance model can be found in the upper-left corner of the GUI and also in System > Maintenance > Backup & Restore.
Sign up to the Sophos Support Notification Service to get the latest product release information and critical issues.