Guidelines and Limitations for Backup and Restore
Backup and restore have the following guidelines and limitations.
Caution: Users with CLI access can access the Linux shell with the expert command, which can present a security risk. For system security reasons, we strongly recommend:
Backup and Restore Is for Disaster Recovery/Return Material Authorization
Backup and restore are primarily intended for Return Material Authorization (RMA) scenarios. Before you begin the restore process of a faulty or failed physical appliance, contact for replacement hardware.
Backup and Restore Is Not Configuration Import/Export
A backup file contains information that uniquely identifies an appliance, and cannot be shared. Do not use the backup and restore process to copy configurations between appliances or devices, or as a way to save configurations while testing new ones. Instead, use the import/export feature.
For example, threat defense device backups include the device's management IP address and all information the device needs to connect to its managing Security Cloud Control. Do not restore an FTD backup to a device being managed by a different manager; the restored device attempts to connect to the manager specified in the backup.
Restore Is Individual and Local
You restore threat defense devices individually and locally. This means:
- You cannot batch-restore to high availability (HA) devices. The restore procedures in this guide explain how to restore in an HA environment.
- You cannot use Security Cloud Control to restore a device. For threat defense devices, you must use the threat defense CLI, except for the ISA 3000 zero-touch restore, which uses an SD card and the reset button.
- You cannot use a management center user account to log in to and restore one of its managed devices. The management center and threat defense devices maintain their own user accounts.