When the firewall has a TPM (Trusted Platform Module) that is used to securely store certificates, keys, configuration backup files, etc., and the TPM has not been initialized (its administration password has not yet been created), a TPM initialization window will appear when the Backup tab is opened. For further information regarding the TPM module, refer to the section Trusted Platform Module.
Through this screen, you can create a comprehensive backup of your firewall’s configuration in the form of files, and protect access to it.
|Backup filename||The suggested name of the backup is <firewall serial number>_day_month_year.na by default. This name can be changed.|
|Download the configuration backup||The file will be saved in .na format (Stormshield Network Archives).
Click on this button to save it.
You are advised to protect the backup file with a strong password. Keep it in a safe place, as restorations will not be possible without this password, and the file can neither be modified nor reinitialized. Our Technical Assistance Center will not be able to retrieve or reinitialize it for you.
|Password||Define a password to protect your backup.|
|Confirm||Confirm the password of your backup, entered in the previous field.|
|Password strength||This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”.
You are strongly advised to use a combination of upper and lowercase letters, numbers as well as special characters.
|TPM password||When the firewall has a TPM that has been initialized, the password that protects the TPM must be entered in order to back up the configuration.|
Configuration automatic backup
Regular backups of your configuration are now offered with the Cloud backup service. These backups can be saved on a local or outsourced HTTP/HTTPS server or within the infrastructure offered by the Cloud backup service.
These regular backups are saved in a secure environment. Information regarding the latest automatic backup is also available in the firewall's Dashboard, in the Services widget.
The firewall must be covered by a valid maintenance contract in order to be eligible for this service.
|ON / OFF||Set the switch to ON to allow a backup of your firewall’s configuration to be sent regularly.|
|Backup frequency||The automatic backup can be carried out every day, every week (7 days) or every month (30 days).|
|Password of the backup file||You are advised to protect the backup file with a strong password. Keep it in a safe place, as restorations will not be possible without this password, and the file can neither be modified nor reinitialized. Our Technical Assistance Center will not be able to retrieve or reinitialize it for you.|
If you have selected a backup on a customized server, enter its configuration:
|Server's URL||Location used for storing backups.
This URL is defined by the resolution of the Cloud server or customized server selected below combined with the access path indicated hereafter.
|Backup server||Selects a customized server. Ensure that the resolution of the selected server corresponds to the one expected.|
|Backup filename||Enter the name assigned to the backup file.|
|Server port||Server’s listening port for receiving backups.|
|Communication protocol||Protocol used for sending backups, which may be HTTP or HTTPS. For HTTPS, a certificate needs to be entered so that the firewall may confirm the identity of the server.|
|Server certificate||If HTTPS has been chosen, import then select the server certificate in this field, so that the firewall can authenticate it. The aim of this is for the firewall to confirm the identity of the server before sending it the backup.|
|Access path||Depending on the sending method selected above, this access path for data on the server may be a folder (/directory/) for WebDAV methods (auth) or a script (/upload.php) for the POST method.|
|Send method||Basic and Digest modes (RFC 2617) allow the identification of the firewall on the server with the help of a login and password:
|ID||If a sending method with identification is used (auth basic or auth digest), this user name will allow the server to authenticate the firewall.|
|Backup password||If a sending method with identification is used (auth basic or auth digest), this password will allow the server to authenticate the firewall.|
|POST - control name||If the POST method is used, this field will indicate the control name in the header of HTTP packets.|