4.2.3. System backup management

This section describes how to manage UserGate device system backup: setting configuration export rules, creating a backup, restoring the UserGate device.

To create system backup, follow these steps:



Step 1. Create system backup.

In the Device management --> System backup management section, click Create system backup. The system will save the current server settings in a file named

backup_PRODUCT_NODE-NAME_DATE.gpg, where:

PRODUCT is the UserGate product type: NGFW, LogAn, MC;

NODE-NAME is the UserGate node name; and

DATE is the backup time in the UTC timezone.

The backup process can be interrupted by pressing the Stop button. A record of the backup being created will be displayed in the event log of the device.

To restore the device state, follow these steps:



Step 1. Restore the device state.

In the Device management --> System backup management section, click or tap Restore system backup, and browse to the path of the settings file created earlier to upload it. Recovery will be prompted in the tty console when the device is rebooted.

In addition, the administrator can configure a scheduled settings upload to external servers (FTP, SSH). To create a schedule for uploading settings, follow these steps:



Step 1. Create a backup export rule.

In the Device management --> System backup management section, click Add and enter a name and description for the rule.

Step 2. Specify the remote server parameters.

In the Remote server tab of the rule, specify the parameters for the remote server:

  • Server type: FTP or SSH.

  • Address: the server's IP address.

  • Port: the server's port.

  • Login name: the user account on the remote server.

  • Password/Repeat password: the password for the user account.

  • Directory path: the path on the server where the settings will be uploaded.

You can use key to be authorized on SSH server. To import or generate key click SSH key setup and choose Import key or Generate key.

Important! An old SSH key will be deleted when you generate the new one. The public key must be located on the SSH server in the user keys directory /home/user/.ssh/ in the authorized_keys file.

During the first configuration of the rule for backup export to SSH remote server, a connection check is required (the Test connection button); when checking the connection, the fingerprint is placed in known_hosts, without checking the files will not be sent.

Important! If you change or reinstall SSH server, backup files will not be available since the fingerprint has changed - it is spoofing protection.

Step 3. Select the upload schedule.

In the Schedule tab of the rule, specify when the settings should be uploaded. If specifying the time in the crontab format, enter it as follows:

(minutes: 0-59) (hours: 0-23) (days of the month: 1-31) (month: 1-12) (days of the week: 0-6, where 0 is Sunday)

Each of the first five fields can be defined using:

  • An asterisk (*): denotes the entire range (from the first number to the last).

  • A dash (-): denotes a number range. For example, "5-7" means 5, 6, and 7.

  • Lists: comma-separated numbers or ranges. For example, "1,5,10,11" or "1‑11,19‑23".

  • The asterisk and dash are also used for spacing out values in ranges. The increment is given after a slash. Examples: "2-10/2" means "2,4,6,8,10" while "*/2" in the "hours" field means "every two hours".