If you go to the Troubleshooting tab of your web gateway you should see "Backup/Restore" on the left hand side. Create a backup by clicking on "Backup to file".
On your new production server you can then restore this backup, by default only the policy tab will be restored. If you would like to restore accounts as well you would need to tick "Configurations and Accounts".
For syncing you may consider Central Management. You can then use the Central Management to synchronize your policy from the lab to the production web gateway.
Yes, I am allready backing the lab config before any new big changes but after reading doc-5207, I wasn't sure of the impact of a backup from one server to a restore on a different one... I will read Doc-4823 and surely come back with more question!!! So much to learn and so little time!!!
PS: Any documentation on the file structure in the gateway itself?
Doesn't work, «Cannot find own UID in backup». So a GUI initiated restore on a different server is a no go... Is it possible another way?
Ok, evidently, it was my fault. I was trying through the GUI to restore with the Configuration and accounts option selected and it's only valid on a server with the same UUID
It's oK, I had a look at it before asking on the site. The migration to another machine is describe but it's not the scenario I was looking for (migrate from lab to production). Anyway, it's done.
Small question: when installing a cert for the GUI, is it something that is synchronise across members of a cluster?
What I found was that GUI settings, including the cert, are per appliance (though, I'm am going from memory in my own testing).
Having recently tested the re-imaging procedure, with a number of run throughs--and hitting way too many problems, I now have a good sense of what's required.
The list of critical areas that are per-appliance settings include (as a minimum):
- Network Interfaces
- Static Routes (requires manual entry--we have up to nine routes, ouch)
- Date and Time (we block NTP to the Internet, so we have to set the time before joining a cluster -- another ouch)
- Central Management: Group runtime, Group update, etc.
- Proxies (HTTPS(S), FTP, SOCKS, ICAP…): HTTP port definition list, Enable SOCKS proxy, etc.
- SNMP: Listener address list, Communities for SNMPv1 and SNMPv2 access
- User Interface
It would be nice if there was a way to force copying settings from another appliance in a backup.
Maybe if there was a way for it to pretend to be another appliance and then change UUID and host name, that might get it. Anybody have a thought about how this might be made to work?.
Also, now that a Cluster CA is required, you have to set that before joining a cluster. It would be nice if this was also taken care of when restoring a backup.
Setting time can be done by setting under "Date and Time" a reachable NTP server and rebooting, or manually with hwclock, as follows:
- Set time zone to UTC: cat /usr/share/zoneinfo/UTC > /etc/localtime
- Set hardware clock: hwclock --set --date "<dd mmm yyyy HH:MM>" --utc
- Set system clock: hwclock --hctosys
Gosh, it sure is nice when restoring a backup works right. Too bad there are so many pitfalls.
I was on vacation for two weeks so apologies my late response. johnaldridge you are right, those settings wont be copied in a backup, most likely all settings part of the configuration tab wont.
What you could do to copy all the settings (I would highly recommend to do this with a standalone appliance only) and keep in mind that this way is NOT supported at all - if you try it then on your own risk!
1. Download the current active configuration from the appliance you would like to backup (via FTP)
2. Replace the UUID with the new one, modify the network settings (hostname, IP etc)
3. Upload this config to the new appliance and make it the active one
If you would like to have a more detailed guide just ping me, I am following both of you so that you can leave me a message
Thank you for the response. If the steps are just a matter of working with directories and text files, then it would be nice to have the relevant paths. If there are special commands, it'd be nice to provide examples.