4.2.4. Settings export and import

The administrator can save the current UserGate settings in a file and later restore them on the same or another UserGate server. This is different from a backup in that importing/exporting the settings does not preserve the current state of all system components --- only the current settings are saved.

Note

Settings export is a cluster function i.e. the configuration of all cluster nodes is exported. When you import the configuration, you will be prompted to select the desired cluster node to restore.

Note

Importing/exporting the settings does not preserve the cluster state or license information. After completing the import, you will need to re-register UserGate using the existing PIN code and, if necessary, re-create the cluster.

Note

If MFA via TOTP used, TOTP initialization keys are not stored. Reinitialization is required.

You can export either all settings (except those listed above) or export network settings only. When only the network settings are exported, the following information is preserved:

  • DNS settings.

  • DHCP settings.

  • The settings for all interfaces, including tunnels.

  • Gateway settings.

  • Virtual router (VRF) settings.

  • WCCP settings.

  • Zone settings.

To export the settings, follow these steps:

Task

Description

Step 1. Export the settings.

In the Device management --> Settings export and import section, click Export --> Export all settings or Export network settings. The system will save the current server settings in a file named

utm-utmcore@nodename_ version- YYYYMMDD_ HHMMSS.bin, where:

nodename is the UserGate node name;

version is the UGOS version; and

YYYYMMDD_ HHMMSS is the settings export time in the UTC timezone, for example:

utm-utmcore@heashostatot_6.1.1.10462R-1_20210511_095942

To apply the exported settings, follow these steps:

Task

Description

Step 1. Import the settings.

In the Device management --> Settings export and import section, click or tap Import, and browse to the path of the settings file created earlier. The settings will be applied to the server, after which the server will reboot.

Note

To correctly import rules that use updated UserGate lists (applications, URL categories, etc.), the SU and ATP modules license required, as well as downloaded UserGate lists.

In addition, the administrator can configure a scheduled settings upload to external servers (FTP, SSH). To create a schedule for uploading settings, follow these steps:

Task

Description

Step 1. Create an export rule.

In the Device management --> Settings export and import section, click Add and enter a name and description for the rule.

Step 2. Specify the remote server parameters.

In the Remote server tab of the rule, specify the parameters for the remote server:

  • Server type: FTP or SSH.

  • Address: the server's IP address.

  • Port: the server's port.

  • Login name: the user account on the remote server.

  • Password/Repeat password: the password for the user account.

  • Directory path: the path on the server where the settings will be uploaded.

Step 3. Select the upload schedule.

In the Schedule tab of the rule, specify when the settings should be uploaded. If specifying the time in the crontab format, enter it as follows:

(minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6, where 0 is Sunday)

Each of the first five fields can be defined using:

  • An asterisk (*): denotes the entire range (from the first number to the last).

  • A dash (-): denotes a number range. For example, "5-7" means 5, 6, and 7.

  • Lists: comma-separated numbers or ranges. For example, "1,5,10,11" or "1‑11,19‑23".

  • The asterisk and dash are also used for spacing out values in ranges. The increment is given after a slash. Examples: "2-10/2" means "2,4,6,8,10" while "*/2" in the "hours" field means "every two hours".