Solved: Backups in cluster mode

cristian.carrion · ‎09-13-2019

Hi folks,

I have two ESAs in cluster mode and they are running the 11.1 software version.

What is the best way to backup/restore a system in case of failure for example:

1)Only fail one ESA.
2)The two esas fail.

I need to remove the cluster to perform a backup or I can execute a backup at cluster level an use this feature - " Loading configuration in clustered appliances"

Thanks for your help.

Regards

charella · ‎09-15-2019

Hello cristian.carrion ,

I do this.

1. Periodically backup the configuration on the esa and locally to your network.

a. Use setting - Encrypted or pain text. >>> (this is the most important part!!) A masked configuration cannot loaded.

b. Backup in is only permitted in cluster mode,if clustered.

c. If you make significant changes, backup.

d. If you upgrade to a new version, backup, or prior to upgrading. (a configuration OS Version has to match the OS Version loaded on the ESA).

2. If you have SLBL it requires a manual backup

3. If you have custom ssl signed certificates at machine level, back them up/ export and save.

If you have to restore/replace a machine, all you need to configure to get started is the interface ip, gateway.

- Join the existing cluster to replicate the existing configuration to the new host.

If complete failure of both ESA:

1. Load the interface ip, gateway to each machine,

2. Create a cluster with your hosts..

3. Load the configuration either by selecting browse to file, or copy contents and paste to the open field.

a. Once the configuration is parsed for errors, an option window will appear.

b. The option window lists the current ESA in the cluster.

c. The option window lists drop down selections to choose if you want to load the configuration options to group (if it exists), and machine level.

d. If you are restoring, then the option to select all levels may be desirable.

e. If you are loading the configuration to hosts with different ip, hostnames and other machine level settings to preserve, then exclude the machine level option and only select, cluster and group (if present) level to copy.

Enjoy,
Chris A.

View solution in original post

charella · ‎09-15-2019

Hello cristian.carrion ,

I do this.

1. Periodically backup the configuration on the esa and locally to your network.

a. Use setting - Encrypted or pain text. >>> (this is the most important part!!) A masked configuration cannot loaded.

b. Backup in is only permitted in cluster mode,if clustered.

c. If you make significant changes, backup.

d. If you upgrade to a new version, backup, or prior to upgrading. (a configuration OS Version has to match the OS Version loaded on the ESA).

2. If you have SLBL it requires a manual backup

3. If you have custom ssl signed certificates at machine level, back them up/ export and save.

If you have to restore/replace a machine, all you need to configure to get started is the interface ip, gateway.

- Join the existing cluster to replicate the existing configuration to the new host.

If complete failure of both ESA:

1. Load the interface ip, gateway to each machine,

2. Create a cluster with your hosts..

3. Load the configuration either by selecting browse to file, or copy contents and paste to the open field.

a. Once the configuration is parsed for errors, an option window will appear.

b. The option window lists the current ESA in the cluster.

c. The option window lists drop down selections to choose if you want to load the configuration options to group (if it exists), and machine level.

d. If you are restoring, then the option to select all levels may be desirable.

e. If you are loading the configuration to hosts with different ip, hostnames and other machine level settings to preserve, then exclude the machine level option and only select, cluster and group (if present) level to copy.

Enjoy,
Chris A.

cristian.carrion · ‎09-17-2019

Hi Charella,

Do you mean that I only need to do a cluster backup and remove/backup/re-join the cluster isn´t neccesary ?

Thanks for your help.
Regards