Firewall configuration

Activating automatic backups

  1. Select the Backup tab in the module Configuration > System > Maintenance.
  2. In the screen Configuration automatic backup, select the checkbox Enable automatic backup.

Sending backups to Stormshield Network Cloud Backup

To enable automatic backups to the Stormshield Network Cloud Backup service, select the value Cloud backup for the field Backup server selection.

The SN Cloud Backup feature is available on all Stormshield Network Firewalls. However, the service requires the Firewall to be under a valid maintenance contract.

Backups will then be saved in your secure-access area (https://mystormshield.eu) and identified by the firewall’s serial number. For this feature, it is therefore not necessary to enter a login and password in the Preferences module.

Only two additional fields need to be filled in:

  • Backup frequency: select one of the 3 frequencies offered (every day, every week or every month).
  • Password of the backup file (optional): Indicate a password that will serve to protect the backup file. You will be asked to provide this password when this file is used for the purpose of restoring a configuration.

Sending backups to a customized HTTP/HTTPS server

In the field Backup server selection, select the value Customized server. Next, fill in the various fields in the module Advanced configuration.

  1. Backup server: select or create directly from this field an object representing the server to which the Firewall sends its automatic backups. If the name of the server takes the form of server.mycompany.com (FQDN), ensure that the firewall can indeed resolve this DNS name.
    The field Server URL will be entered automatically according to the values entered in the fields Backup server, Server port, Communication protocol and Access path.
  2. Server port: select or create directly from this field an object representing the listening port of the backup server (port network object).
  3. Communication protocol: select HTTP or HTTPS (recommended) according to the protocol used on the server.
  4. Server certificate (only if HTTPS has been selected): select the certificate of the backup server created or imported earlier in the firewall’s PKI.
  5. Access path: indicate the folder of the server in which backups will be stored.

IMPORTANT

For firewalls running a firmware version lower than 1.2.0, this path must be preceded by a “/”. Example: /autobackup

  6. Method of sending: select the access or authentication method used for placing the firewall’s backups on the server (POST access control or Basic/Digest authentication for WebDAV).
  • The POST method does not involve any authentication. On the server side, it requires a script to process received data (saving of received files in a particular folder, etc.). This script also checks for a “control name” in the data traffic in order to process it.
  • The Basic identification method (RFC 2617) is insecure by nature, as it sends the password encoded in Base64 but not encrypted, so it can easily be decoded. It is therefore not recommended for transferring credentials and data unless an encrypted connection (HTTPS) is used.
  • The Digest identification method (RFC 2617) is more secure as it is based on a “challenge/response” mechanism built around the MD5 hash of the client password. Even though it can be used in HTTP traffic, you are also strongly advised to use this method through an encrypted connection (HTTPS) when transferring data.
  7. User name (Basic or Digest methods only): indicate the user name required to connect to the server.
  8. Password (Basic or Digest methods only): indicate the password of the user entered earlier.
  9. POST – control name (POST method only): indicate the control name if the access method selected is POST.
  10. Backup frequency: select the frequency of automatic backups (daily, weekly or monthly). The first successful backup will determine the starting point for backups at the selected frequency.
  11. Password of the backup file (recommended): indicate a password for protecting the backup file. You will be asked to provide this password when this file is used for the purpose of restoring a configuration.