Backup tab

Through this screen, you can create a manual backup or schedule an automatic backup of the firewall's configuration.

Configuration backup

Backup filename	The suggested name of the backup is <firewall serial number>_day_month_year.na by default. This name can be changed if necessary.
Download the configuration backup	Click on this button to save the backup. The file will be saved in .na format.

Advanced properties

Password/Confirm

Set a password to protect your backup.

You are advised to protect the backup file with a strong password. Keep it in a safe place, as restorations will not be possible without this password, and the file can neither be modified nor reinitialized. Our technical support team will not be able to retrieve or reinitialize it for you.

Password strength

This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”.
You are strongly advised to use a combination of upper and lowercase letters, numbers as well as special characters.

TPM password

When the firewall has a TPM that has been initialized, the TPM password must be entered in order to back up the configuration. The backup will contain all private keys of certificates on the firewall, but the TPM-protected private keys that are included will be decrypted.

For more information, see the section Trusted Platform Module.

Configuration automatic backup

Automatic configuration backups are made regularly and securely. Information regarding the latest backup is available in the firewall's Dashboard, in the Services widget.

NOTE
The firewall must be covered by a valid maintenance contract in order to be eligible for this service.

When the firewall has a TPM that has been initialized, the backup will contain all private keys of certificates on the firewall, and the TPM-protected private keys that are included will be encrypted. For more information, see the section Trusted Platform Module.

ON / OFF	Set the switch to ON to allow a backup of the firewall’s configuration to be sent regularly.
Configuration	Cloud backup: these backups are stored in the cloud service infrastructure using encrypted channels. Customized server: these backups are stored on a custom server (HTTP/HTTPS local o outsourced), depending on the criteria defined below.

Advanced properties

Backup frequency	The automatic backup can be carried out every day, every week (7 days) or every month (30 days).
Password of the backup file	You are advised to protect the backup file with a strong password. Keep it in a safe place, as restorations will not be possible without this password, and the file can neither be modified nor reinitialized. Our technical support team will not be able to retrieve or reinitialize it for you.

Customized server

If you have selected a backup on a customized server, enter its configuration:

Server's URL	Location used for storing backups. This URL is set when the Backup server, Server port, Communication protocol and Access path fields have been entered.
Backup server	Selects a customized server. Ensure that the resolution of the selected server corresponds to the one expected.
Backup filename	Enter the name assigned to the backup file.
Server port	Server’s listening port for receiving backups.
Communication protocol	Protocol used for sending backups between HTTP and HTTPS. For HTTPS, a certificate needs to be entered so that the firewall can confirm the identity of the server before sending it the backup.
Server certificate	If HTTPS has been chosen, import then select the server certificate in this field, so that the firewall can authenticate it.
Access path	Depending on the sending method selected above, the access path may be a folder (/directory/) for WebDAV methods (auth) or a script (/upload.php) for the POST method.
Send method	Basic and Digest modes (RFC 2617) allow the identification of the firewall on the server with the help of a login and password: auth basic: this mode sends the encoded password but in plaintext. It is therefore recommended for use with HTTPS communications. auth digest: this mode allows an identification but without sending the password in plaintext; this mode is more secure than the basic mode. It is recommended for use in HTTP communications. POST: as identification via this method is not managed, you are advised to use it with HTTPS communications.
Login	If a sending method with identification is used (auth basic or auth digest), this user name will allow the server to authenticate the firewall.
Backup password	If a sending method with identification is used (auth basic or auth digest), this password will allow the server to authenticate the firewall.
POST - control name	If the POST method is used, this field will indicate the control name in the header of HTTP packets.