“Backup” tab

Configuration backup

Through this screen, you will be able to create a comprehensive backup of your firewall’s configuration in the form of files, and protect access to it.

Backup filename	The name of the backup will correspond to “<firewall serial number>_day_month_year.na” by default, but can be modified. You are however advised to use the ".na" extension for the name of this file.
Download	The file will be saved in .na format (Stormshield Network ARCHIVES). Click on this button to save it.

Advanced properties

Password

Define a password to protect your backup.

Confirm

Confirm the password of your backup, entered in the previous field.

Mandatory password strength.

This field indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”.

You are strongly advised to use a combination of upper and lowercase letters, numbers as well as special characters.

Configuration automatic backup

Regular backups of your configuration are now offered with the “Cloud backup” service. These backups can be saved on a local or outsourced HTTP/HTTPS server or within the infrastructure offered by the Stormshield Network Cloud backup service.

These regular backups are saved in a secure environment.

NOTE

You are advised to protect the backup file with a password that must be kept in a safe place, as technical support will not be able to retrieve or reinitialize it if it is forgotten.

Information regarding the latest automatic backup is also available in the Dashboard’s Properties.

NOTE

The firewall must be covered by a valid maintenance contract in order to be eligible for this service.

Automatic Database Backup

When selected, this checkbox allows a backup of your firewall’s configuration to be sent regularly.

The various parameters of the service are:

Backup server selection

Cloud backup

These backups are stored in the cloud service infrastructure using encrypted channels.

Customized server

These backups are stored on a customized server, depending on the criteria defined below.

Server's URL

Location used for storing backups.

This URL is defined by the resolution of the Cloud server or customized server selected below combined with the access path indicated hereafter.

Backup server

Selects a customized server. Ensure that the resolution of the selected server corresponds to the one expected.

Name of the backup file

Enter the name of the backup file that will be sent to your server. You are advised to use the ".na" extension for the name of this file.

Server port

Server’s listening port for receiving backups.

Communication protocol

Protocol used for sending backups, which may be HTTP or HTTPS. For HTTPS, a certificate needs to be entered so that the firewall may confirm the identity of the server.

Server certificate

If HTTPS has been chosen, import then select the server certificate in this field, so that the firewall can authenticate it. The aim of this is for the firewall to confirm the identity of the server before sending it the backup.

Access path

Depending on the sending method selected above, this access path for data on the server may be a folder (/directory/) for WebDAV methods (auth) or a script (/upload.php) for the POST method.

Send method

Basic and Digest modes (RFC 2617) allow the identification of the firewall on the server with the help of a login and password.

auth basic	This mode sends the encoded password but in plaintext. It is therefore recommended for use with HTTPS communications.
auth digest	This mode allows an identification but without sending the password in plaintext; this mode is more secure than the basic mode. It is recommended for use in HTTP communications.
POST	As identification via this method is not managed, you are advised to use it with HTTPS communications.

User name (auth)

If a sending method with identification is used (auth basic or auth digest), this user name will allow the server to authenticate the firewall.

Password (auth)

If a sending method with identification is used (auth basic or auth digest), this password will allow the server to authenticate the firewall.

POST - control name

If the POST method is used, this field will indicate the control name in the header of HTTP packets.

Depending on whether you have chosen Cloud auto-backup or a backup on a customized server, you will be able to select the following parameters:

Backup frequency

The automatic backup can be carried out every day, every week (7 days) or every month (30 days).

Password of the backup file

If you wish to do so, you can encrypt your configuration file with a password. You are advised to use a complex password.

IMPORTANT

You are advised to keep your password in a safe place, as files cannot be restored without it. Furthermore, after the backup, you will not be able to change or reinitialize it.

Change the password

This button allows displaying a window to edit the password. This new password will only be valid for subsequent backups.