How do I create a backup of the Firebox X Edge configuration?Firebox X Edge e-Series v 8.0/8.5Sometimes, you must restore the factory-default settings for your Firebox X Edge e-Series. When you do this, all of your configuration changes are lost. If you have complex policy settings or many user accounts, it can take a long time to configure all of your policies and users again.To decrease this setup time, you can back up your configuration to a local file and restore it later. We recommend that you connect to the Edge from the trusted network to create or restore your backup configuration file.This procedure does not help you if you forgot or do not know an administration passphrase for your Edge. In this case, you must reset the Edge to factory-default settings and create a new configuration file.Is there anything I need to know before I start?

• Do not edit your configuration file manually. Always use a Management Server or the Firebox X Edge web interface to make changes to your configuration.

•

User passwords in the backup configuration file are encrypted, but the full file is not encrypted. We recommend that you encrypt your backup configuration file and keep it in a safe location.

•

If you connect to the Edge from the external network, we recommend that you use a VPN to connect to the Edge before you create a backup configuration file. FTP traffic is sent without encryption.

•

When you restore your previous configuration from a backup configuration file, the administrator user name and password used when the backup file was created are used again. If you do not remember the password set in your backup file, you must restore the factory-default settings and set up the Edge manually.

• You must allow FTP traffic to and from the Firebox X Edge on the network your computer uses.

•

If you use a Management Server and your Edge is configured with managed BOVPN tunnels, you must re-enter all WSM access configuration information. Then, you must connect to the Management Server and manually update the Edge after you restore your backup configuration file. If you do not update the Edge, the Edge cannot contact the Management Server and managed VPN tunnels will not operate.

Creating a Configuration Backup FileTo create a backup configuration file from the current configuration of your Firebox X Edge e-Series:

1.

Open the command line interface of your computer. To do this:If you use Windows 2000 or XP, select Programs > Accessories > Command Prompt from the Start Menu.If you use Mac OS X, open the Terminal program in \Applications\Utilities.

2. Change your local working directory to the location where you want to save the backup

configuration file.

3. Type ftp 192.168.111.1 at the command prompt. If you use a different IP address to connect to your Firebox X Edge, type that IP address instead.

4. Enter the user name and password for the administrator account.5. Type bin at the command prompt to switch to binary transfer mode.

6. Type get wg.cfg at the command prompt. Your Edge configuration is saved to your computer.

7. Type quit to close the FTP connection and exit the program.

Restoring a Backup Configuration FileTo restore a backup configuration file to your Firebox X Edge e-Series:

1.

Open the command line interface of your computer. To do this:If you use Windows 2000 or XP, select Programs > Accessories > Command Prompt from the Start Menu.If you use Mac OS X, open the Terminal program in \Applications\Utilities.

2.

Change your local working directory to the location where your backup configuration file is saved. If you encrypted the backup configuration file, you must remove the encryption before you restore your settings.

3. Type ftp 192.168.111.1 at the command prompt. If you use a different IP address to connect to your Firebox X Edge, type that IP address instead.

4. Enter the user name and password for the administrator account.5. Type bin at the command prompt to switch to binary transfer mode.

6. Type put wg.cfg at the command prompt. Your configuration backup file is saved to the Firebox X Edge.

7. Type quot rebt or use the web interface to restart the Edge. The new configuration is not used until the Edge restarts.

8. Type quit to close the FTP connection and exit the program.Reconnecting the Firebox X Edge to a Management ServerTo restore communication between your Firebox X Edge and your Management Server, you must re-enter all WSM access configuration information. Then, you must update the Edge from the Management Server after you restore your configuration.1. Connect to your Edge System Status page and select Administration > WSM Access.

2. Select the Enable remote management check box. From the Management Type drop-down list, select WatchGuard Management System.

3.

To enable centralized Edge management through WatchGuard System Manager, select the Use Centralized Management check box. Do not select this check box if you use WatchGuard System Manager only to manage VPN tunnels.

4.

Type the status and configuration passphrase for your Firebox X Edge. This passphrase must match the passhrase you used when you added the device to WatchGuard System Manager.

5.

In the Management Server Address text box, type the IP address of the Management Server if it has a public IP address. If the Management Server has a private IP address, type the public IP address of the Firebox protecting the Management Server.

6. Type the Client Name used to identify your Firebox X Edge in the Management Server configuration.

7. Type the Shared Key used to encrypt the connection between the Management Server and the Edge. This key must be the same key used on the Management Server.

8. Click Submit.9. Next, open WatchGuard System Manager and connect to your Management Server.10. Click the Device Management tab.11. Right-click the Firebox X Edge you want to restore, and select Update Device.

12. Select the Download Trusted and Optional Network policies, Reset server configuration, and Expire Lease check boxes.

13. Click OK. The Firebox X Edge restarts and can now connect to the Management Server.

Frequently Asked Questions About This ProcedureWhy do I have to use the command line FTP program on my computer?

Many commands are disabled on the Firebox X Edge FTP server for security. For example, you cannot change directories (cd) or show the remote working directory (pwd). Other FTP programs rely on these commands to show you a list of files in the remote directory, and cannot operate when these commands are disabled.

Why am I unable to connect to the Edge using FTP?Check your configuration to make sure that you allow FTP traffic to your Edge from the network your computer uses. By default, the Firebox X Edge e-Series allows FTP traffic from the trusted network to the Edge. To change this setting and restore FTP access from the trusted network:

1. Open your Internet browser and connect to the Firebox X Edge Web interface. The default URL is: https://192.168.111.1/

2. From the navigation bar, select Firewall > Firewall Options.

3. Clear the check box adjacent to Do not allow FTP access to the Edge from the Trusted Network.

4. Click Submit to save your changes.What is included in the Edge backup configuration file?

When you backup an Edge configuration file, it includes all Edge policies and settings, user passphrases, and manual VPN configuration information. It does not include any license information, GAV signatures, or configuration information related to WatchGuard System Manager access or managed VPN tunnels.

Can I use the procedure in this document to create a backup configuration file for my Firebox X Edge (non-e-Series) or SOHO6?Yes. The same restrictions apply.Was this document helpful? Please send your feedback to faq@watchguard.com.SUPPORT: www.watchguard.com/support U.S. and Canada +877.232.3531All Other Countries +1.206.613.0456COPYRIGHT © 2006 WatchGuard Technologies, Inc. All rights reserved.WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries.