ScreenOS Firewalls (NOT SRX)
Contributor
MSUTech
Posts: 13
Registered: ‎04-14-2009

Best way to make backup of Policies, etc...

Hello All,

I am trying to determine the best way to make a backup of all of my SSG-520 settings (primarily my policies)...

help..

thanks...

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: Best way to make backup of Policies, etc...

There are lots of ways, but if you are only interested in the policies, I would connect by SSH and enter "get config | include policy". This should get you all "set policy ..." statements. You can then copy/paste them into a text file.

If there are too many policies, you can save the config to a tftp server and then extract the policies from there.

Regards,

Dominik

JNCIE et al.

--
The Axiom of Choice is obviously true, the well-ordering principle obviously false, and who can tell about Zorn's lemma?
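The extraction step suggested in the reply above, as an added example that is not part of the original thread: it pulls every policy out of a saved configuration file, including the lines inside each policy's sub-context that a plain match on the word "policy" does not return. It assumes the saved file uses the layout shown in the constructed sample (a one-line definition, optionally followed by a bare "set policy id N" block closed by "exit"); the function names are hypothetical.

```python
import re

# Constructed sample of a saved ScreenOS config (not taken from a real device).
SAMPLE_CONFIG = """\
set hostname fw-example
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 name "web" from "Untrust" to "DMZ"  "Any" "web-srv" "HTTP" permit
set policy id 2
set service "HTTPS"
set dst-address "web-srv2"
exit
set policy id 3 from "Trust" to "DMZ"  "Any" "Any" "ANY" deny
set policy id 3 disable
set policy id 3
exit
set route 0.0.0.0/0 interface ethernet0/0
"""

POLICY_LINE = re.compile(r"^set policy id (\d+)\b(.*)$")

def extract_policies(config_text):
    """Return {policy id: [config lines]}, including sub-context lines."""
    policies = {}
    context_id = None  # policy whose "set policy id N ... exit" block we are in
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if context_id is not None:
            policies[context_id].append(line)
            if line == "exit":
                context_id = None
            continue
        match = POLICY_LINE.match(line)
        if match:
            pid = int(match.group(1))
            policies.setdefault(pid, []).append(line)
            if not match.group(2).strip():  # bare "set policy id N" opens a block
                context_id = pid
    return policies

def missed_by_keyword_filter(config_text, keyword="policy"):
    """Policy lines that a plain keyword match on the config would not return."""
    return [line for lines in extract_policies(config_text).values()
            for line in lines if keyword not in line]

if __name__ == "__main__":
    for pid, lines in sorted(extract_policies(SAMPLE_CONFIG).items()):
        print("\n".join(lines))
    print("not matched by keyword:", missed_by_keyword_filter(SAMPLE_CONFIG))
```
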
Distinguished Expert
muttbarker
Posts: 2,376
Registered: ‎01-29-2008

Re: Best way to make backup of Policies, etc...

Here is a link to a nice tool that pulls out the firewall policies and presents them in an HTML format for easy viewing. http://sourceforge.net/projects/ns2html/

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
spuluka
Posts: 2,691
Registered: ‎03-30-2009

Re: Best way to make backup of Policies, etc...

I always save out a full configuration file after any changes are made at all on the firewall.  I name the file with the location and date, i.e. location-2010-07-07.cfg.  These can be easily dumped to a central tftp server or pulled from the web interface.

To use the tftp function, you'll need to set the source address for the requests on the firewall to whatever interface has access to your tftp server.  This needs only be set once and saved in the configuration.

set tftp source-address INTERFACE

Where INTERFACE is bgroup0; ethernet0/0; etc.

For a target tftp server, SolarWinds has a nice free utility that can ride as a small additional service on an existing server pretty easily.  This is free software but registration is required.

CLI Save config to tftp

firewall-> save config to tftp 192.168.1.10 location-2010-07-07.cfg

Web UI save config to local file

Configuration--Update--Config File

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home