Restorepoint supports the choice of a full Tufin backup or a configuration-only backup.
Configuration-only vs. Full Backup
When choosing between Configuration-only and Full backup, you need to consider the following:
- Configuration-only: only backs up the SecureTrack configuration information. The backup and restore operations complete very quickly; when you restore from a configuration-only backup, you have everything you need to start collecting revisions, analysing files and running reports.
- Full Backup: backs up the entire SecureTrack database, including configuration, policy revisions and historical reports. However, backup and restore operation can be quite time consuming.
The following illustrate in detail what is backed up by Restorepoint:
All settings, including: Users, Domains, Zones, Licences, TOP pluginsPolicy Analysis QueriesReports and Audit Definitions (*)Performance AlertsTopology
Full Backup: all the information above, plus:
Policy RevisionsRevision CommentsAutomatic Policy Generator Data Rule DocumentationRule and Object Usage DataFirewall OS Monitoring DataPublished ReportsPlug-n-Play License Information
(*) When restoring from a configuration-only backup, the following need to be redefined:
Rule Change ReportsSecurity Risk report exceptionsSecureChange Access RequestsAdditional information about how Tufin backups work with Restorepoint -
- You must choose at least one of the following configurations to back up:
- SecureTrack: use the selector to choose what type of ST backup to perform. Full performs a backup of the SecureTrack database and configuration; Config Only will only include SecureTrack configuration information. None ignores the SecureTrack settings.
- SecureChange: SecureChange and SecureApp database and configuration.
- Suite Administration: includes Suite Administration backup data.
- Use the Temp Dir field to enter a directory on the Tufin appliance to be used for temporary storage during backup. /var/tmp is used if this field is left blank.
- Tufin may occasionally overestimate the amount of storage required to back up the appliance, and refuse to back up as a consequence. Use the Force checkbox to override the disk space check. Note that this may result in filling a filesystem on the Tufin appliance.
- Restorepoint will use SSH and SCP to connect to the device. Please ensure that port 22/tcp is not blocked by any firewalls between Restorepoint and the device.
- When entering the logon credentials, you should use the root account with the advanced shell enabled. If cannot use root, you must use an account that is authorised (via /etc/sudoers) to become root using the sudo command.
