Question & Answer
Question
How do you create snapshots and use the options that are available when working with snapshot files on Security Network Protection (XGS) sensors?
Cause
The XGS allows users to take snapshots of system settings for backups, mirroring appliances, and to assist IBM Security Support in troubleshooting. When using a snapshot to mirror settings to another sensor, you may find it useful to ignore certain appliance specific policies. The information in this article covers how to ignore specific policies when creating a snapshot.
Answer
YouTube Video
Working with XGS Policy Snapshots (03:11)
This video is a demonstration of how to create a Snapshot backup of current configuration and policy settings. Also, to restore prior configurations and policy settings on an IBM Security Network Protections (XGS).
Watch the video on YouTube (03:11)
Creating a snapshot
- Log in to the Local Management Interface (LMI) of the XGS sensor and navigate to Manage System Settings > Snapshots.
- On the Snapshots page, click the New button to generate a new configuration snapshot.
- Once the configuration snapshot is complete, download the new snapshot by selecting the check box for the new snapshot and clicking the Download button.
Note: You can created a snatshot via command line interface (CLI). You ssh into the IQNS/XGS as
admin. Enter the following commands: menu > snapshots > create, after you will see a file name (.snapshot). This is the newly created snapshot.Snapshot options
The tuning parameters that are covered in this article must be added to the Advanced Tuning Parameters policy on the XGS prior to applying the snapshot.
The following parameter can be used to ignore any specific policy on the system:
- Name:
snapshot.apply.ignore.*
Value:1
The complete parameter name includes the name of the policy file that you want to ignore. You can find the policy file names by opening the snapshot file and looking under
\etc\policies\cml\alps.The following table contains a list of complete parameters that cover the policies that most commonly need to be ignored:
|
Name
|
Value
|
Description
|
snapshot.apply.ignore.management_network |
1
|
Causes the snapshot to ignore the management policy. This is used to prevent the snapshot from modifying the management IP address.
|
snapshot.apply.ignore.adapter |
1
|
Causes the snapshot to ignore the protection interface policy. This is used to prevent possible mismatches in the protection interface policy in terms of the number of interfaces present.
|
snapshot.apply.ignore.perf_level |
1
|
Causes the snapshot to ignore the flexible performance level policy. This is used to prevent possible flexible performance license mismatches between sensors.
|
snapshot.apply.ignore.route |
1
|
Causes the snapshot to ignore the static route policy. This is used in order to avoid applying incorrect static routes between sensors.
|
snapshot.apply.ignore.perf_level parameter when using the snapshot to mirror settings to different appliances. Failure to do so might result in the snapshot failing to apply.
[{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Backups and Recovery","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.2.0;5.3;5.3.1;5.3.2;5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
03 February 2021
UID
swg21669579