Dinesh Verma
Cisco Employee

Problem

Sometimes the FDM UI is up but the user cannot log in because of an issue with some processes. In such scenarios, if we don't have a recent backup of FDM and want to take one, there is no way out: there is no CLI command available on FDM to take a backup. The same applies to restoring a backup on FDM.

 


 

Solution

Anupam and I created a script that takes a backup of FDM using the APIs (even though we're not able to log in, as long as the API responds, the script does the job). The script can also restore FDM from an existing backup. The script is attached to this document.

 

1) Preparation:

****************************************************************************************************

Step 1: Download the script to the PC.

Step 2: Make sure python3 is installed on the PC and that the PC can reach FDM on port 443.

Step 3: Make sure the script has execute permission (this applies specifically if you're executing the script from a Linux machine).

****************************************************************************************************

 

2) Take Backup of FDM

****************************************************************************************************

Flamingo$ python3 fdm-backup.py
###########################################################
# FDM BACKUP AND RESTORE PROGRAM #
###########################################################
Enter the device IP address: 10.106.59.241
Enter the username of the FTD: admin
Enter the password of the FTD:
###########################################################
Auth-Status code is 200
Successfully Authenticated
1. Initiate Backup
2. Restore Backup
Enter your choice (integer value) : 1
###########################################################
Backup Job ID : 7dd983ce-c215-11ea-92a4-cfd908aa67d4
Backup Running...........
Backup Task Succeded

****************************************************************************************************

 

3) Restore Backup on FDM

****************************************************************************************************

Flamingo$ python3 fdm-backup.py
###########################################################
# FDM BACKUP AND RESTORE PROGRAM #
###########################################################
Enter the device IP address: 10.197.236.209
Enter the username of the FTD: admin
Enter the password of the FTD:
###########################################################
Auth-Status code is 200
Successfully Authenticated
1. Initiate Backup
2. Restore Backup
Enter your choice (integer value) : 2
###########################################################
# Start Date Archive Name File Size (MB)
1 2020-07-09 18:31:31Z 20200709183131.NGFW_backup.Backup 160.778752
2 2020-07-09 17:12:19Z 20200709171219.NGFW_backup.Backup 160.906752
###########################################################
Select a backup to restore : 2
Are you sure ? (yes,no) : yes
Backup job Initiated with ID 42f5fb70-c215-11ea-af10-4939e9e2e7fa
Please wait until the restore is completed

****************************************************************************************************

 

Please use the script and let us know if there is any feedback.

 

Comments

Just a question: is there a possibility to copy the backup to an FTP server and not only to the hard disk on the FTD, in case the hard disk fails?

Dinesh Verma
Cisco Employee

@AlexandrosMavridis: Copying the backup to remote storage is not available on FDM as of now. The user guide does mention this: "Backup copies are created on the system itself. You must manually download backup copies and store them on secure servers to ensure that you have the backup copies you need for disaster recovery."

If we want to send the backup to an FTP server, then we have to do it manually. Copy the backup from /ngfw/var/sf/backup to /ngfw/var/common, change the permission to 777 for the file and transfer it via CLISH.

Below is the example:

root@FTD65:/ngfw/var/common# cd /ngfw/var/sf/backup/
root@FTD65:/ngfw/var/sf/backup# ls -lrth
total 81M
-rwxrwxrwx 1 root admin 384 May 11 15:11 20210511150318.NGFW_backup.FullBackup.manifest
-rwxrwxrwx 1 root admin 81M May 11 15:11 20210511150318.NGFW_backup.FullBackup.tar
root@FTD65:/ngfw/var/sf/backup#
root@FTD65:/ngfw/var/sf/backup# cp 20210511150318.NGFW_backup.FullBackup.* /ngfw/var/common/
root@FTD65:/ngfw/var/sf/backup# cd /ngfw/var/common/
root@FTD65:/ngfw/var/common# chmod 777 20210511150318.NGFW_backup.FullBackup.*
root@FTD65:/ngfw/var/common#

 

Transfer from CLISH:


> file copy 10.197.226.253 ftpuser . 20210511150318.NGFW_backup.FullBackup.*
Enter password for ftpuser@10.197.226.253:
Copying 20210511150318.NGFW_backup.FullBackup.manifest
Copy successful.
Copying 20210511150318.NGFW_backup.FullBackup.tar
Copy successful.

>

 

NOTE: "file copy 10.197.226.253 ftpuser . 20210511150318.NGFW_backup.FullBackup.*" This command has a dot (.) after the word ftpuser. The dot (.) represents the default directory on the FTP server.

We support both FTP and SCP.

 

> file
copy Transfer files via FTP
delete Delete file(s)
list List file(s)
secure-copy Transfer files via SCP

>

 

Please let me know if you've any questions. I'd be happy to help.

-Dv
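
Added example (not part of the comment above and not the attached Cisco script): a check to run on the storage server after the transfer, confirming that each backup arrived as a complete .tar/.manifest pair, recording SHA-256 digests for later comparison, and removing group/world access from the stored copies. The function names and the 0600 target mode are assumptions of this example; the file naming is taken from the listing in the comment.

```python
import hashlib
import os
import re
import stat
from pathlib import Path

# Naming taken from the listing above: <timestamp>.NGFW_backup.<type>.{tar,manifest}
BACKUP_RE = re.compile(r"^(\d{14})\.NGFW_backup\.(\w+)\.(tar|manifest)$")


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large archive is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_backup_dir(directory, fix_mode=True):
    """Return (inventory, problems) for FDM backup files found in `directory`."""
    sets = {}
    for entry in sorted(Path(directory).iterdir()):
        match = BACKUP_RE.match(entry.name)
        if match and entry.is_file():
            sets.setdefault(match.group(1, 2), {})[match.group(3)] = entry

    inventory, problems = [], []
    for (stamp, kind), parts in sets.items():
        name = f"{stamp}.NGFW_backup.{kind}"
        missing = [ext for ext in ("tar", "manifest") if ext not in parts]
        if missing:
            problems.append(f"{name}: missing .{missing[0]}")
            continue
        if parts["tar"].stat().st_size == 0:
            problems.append(f"{name}: empty .tar")
            continue
        for path in parts.values():
            # Stored backup copies should not stay group/world accessible at rest.
            if stat.S_IMODE(path.stat().st_mode) & 0o077:
                if fix_mode:
                    os.chmod(path, 0o600)
                else:
                    problems.append(f"{path.name}: group/world accessible")
        inventory.append({"backup": name,
                          "tar_sha256": sha256_file(parts["tar"]),
                          "manifest_sha256": sha256_file(parts["manifest"])})
    return inventory, problems
```

Call `audit_backup_dir("/path/to/received/backups")` on the server that stores the copies; comparing the recorded digests with `sha256sum` output taken on the FTD before the transfer confirms the files were not altered or truncated in transit.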
