Backing up the Security Network IPS sensor

Technote (FAQ)


Question

What are the instructions to back up your Security Network IPS (GX) sensor?

Answer

Important: When performing administration tasks via ssh or local console, configuration changes made to your IBM appliance by any user other than admin could degrade appliance performance. Installing or activating other services or applications may also impact appliance performance or security. IBM Infrastructure Security Support will not support configuration changes made using the root user account unless specifically directed by a support engineer or IBM documentation. The following DCF Technote content is supported. Any further changes made that are not included in this document will place your product into an unsupported state and IBM product support may require you to reimage your appliance to restore it to a supported state.



There is a built-in method provided with the GX sensor that allows you to backup the appliance. This is accessible via the 'admin menu' by logging into the appliance with the admin account via SSH or console connection. Be aware that only one full system backup can be kept locally on the device. Running a system backup will overwrite any previous full system backups.

Notes:
  • It is a good practice to make a backup of the system settings after each firmware upgrade or after applying any IBM directed patch so the most current backup is available, if needed.
  • You may want to consider cleaning up some of the excess log files that may no longer be required. This is not required but may help reduce the size of the backup files. Below is a list of some things which you may consider removing prior to backing up:

        - Old messages files (the current day's file will be messages while previous days will have a number appended to them, such as messages.1) - located in /cache/log/.
        - Old capture files that are no longer needed - from the web interface, go to Review Analysis and Diagnostics > Downloads > Logs and Packet Captures. Under the Log Evidence and Rolling Packet Capture tabs, you can click the Delete button at the bottom to delete all the files located in that tab.
        - Any firmware update packages - located in /cache/spool/updates/.
        - Old ProvInfo support files that are no longer required - located in /cache/support/.


Creating a full system backup

  1. Log in to the sensor using the admin account via SSH or console connection.

  2. From the Configuration Menu, select Appliance Management.

  3. In the Appliance Management Menu, select Backup Current Configuration. You will then receive the following warning:

    This will write all configuration settings to a backup
    partition on the appliance. You will not have remote access
    to the appliance for approximately 5 minutes while the
    backup process completes.

    The appliance will be rebooted.
    Would you like to proceed with the backup?


  4. When you select OK, the appliance will be brought down during the backup. This will result in a brief network outage during the reboots of the appliance. Schedule accordingly for this.

  5. (Optional) To move the backup to a remote location, use a secure copy program (such as WinSCP) to copy the following files from the /restore/0/images/.

    Note: For versions 1.x, 2.x, and 3.x, these files will be in /backup/images/.
    • cachestruct.tar
    • image_sda1_.000
    • image_sda1_.000.md5
    • image_sda3_.000
    • image_sda3_.000.md5
    • image_sda5_.000
    • image_sda5_.000.md5
    • info


Restoring a backup from a remote system

Note: If the files are already present on the system, start with step 3.

  1. Copy the files specified below from the remote location to the /restore/0/images/ directory using a secure copy program. You must use the root account when using secure copy. Do not overwrite the files grub.cmd and partimage.

    Note: For versions 1.x, 2.x, and 3.x, these files will be in /backup/images/.
    • cachestruct.tar
    • image_sda1_.000
    • image_sda1_.000.md5
    • image_sda3_.000
    • image_sda3_.000.md5
    • image_sda5_.000
    • image_sda5_.000.md5
    • info

  2. Reboot the device.

  3. At the login prompt, log on to the device use the admin credentials.

  4. From the Configuration Menu, select Appliance Management.

  5. From the Appliance Management Menu, select Restore Configuration From Backup. You will then receive the following warning:

    Appliance will be restored from the system backup dated:
    YYYY/MM/DD HH:MM:SS (date when backup was completed)

    You will not have remote access to the appliance approximately
    for 5 minutes while restore operation completes.
    Would you like to proceed with restore?


  6. Select OK at the confirmation screen to proceed with the restore process.

  7. The appliance will automatically reboot to begin the restore process.

  8. The appliance will reboot again after the restore process has completed.



Related information

A Spanish translation is available


Cross reference information
Segment Product Component Platform Version Edition
Security Proventia Virtualized Network Security Platform Documentation Firmware 3.1, 3.3, 4.1, 4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2

Historical Number

4541

Document information


More support for:

IBM Security Network Intrusion Prevention System
Documentation

Software version:

1.8, 2.5, 3.3, 4.1, 4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2

Operating system(s):

Firmware

Reference #:

1436111

Modified date:

2013-10-28

Translate my page

Content navigation