Backups and how they work
Backups are needed to recover from the loss of the system configurations, for example, due to hardware failure. Backups also allow you to relocate the SMC servers onto different hardware.
The Management Server is the only component that contains usable, complete configuration information for any individual engine component. The engines contain a working copy of the configuration details that allows them to carry out traffic inspection independently. It is not possible to extract this information from the engines if the Management Server is lost. For this reason, regular Management Server backups are essential and must be stored in a safe storage location outside of the computer where the SMC servers are installed.
Always take the backups using the proprietary backup tools in the Management Client, on the Management Server command line, or on the SMC Appliance command line. Third-party backup applications that back up the host system might not produce usable backups of your SMC servers, especially if the SMC servers are running when you take the backup.
Restoring backups allows you to restore the configurations to the state they were when the backup was taken, even if you restore the backup in a different SMC.
Different types of backups contain different information:
- The Management Server backup contains the policies, elements, and other configuration details for all NGFW Engines that they manage. The Management Server backup also contains the configuration information of the Web Portal Server and of the Management Server itself.
- The Log Server backup contains the Log Server’s local configuration and optionally the logs.
- On the SMC Appliance, the Management Server and Log Server backups also contain the SMC Appliance configuration files.
The backup files are saved in the <installation directory>/backups/ directory of the server on which they were created.
The following limitations apply:
- In FIPS-compatible operating mode, you can only restore backups that were created for an SMC in FIPS-compatible operating mode.
- You cannot restore backups that were created in an SMC in FIPS-compatible operating mode on an SMC that is not in FIPS-compatible operating mode.
- The private keys of engine certificates are stored locally on the engines and are not backed up.
- If you restore an SMC Appliance backup onto third-party hardware, SMC Appliance configuration information is ignored. Only the Management Server and Log Server backups are applied.