Restorepoint supports the choice of a full Tufin backup or a configuration-only backup.
Configuration-only vs. Full Backup
When choosing between Configuration-only and Full backup, you need to consider the following:
- Configuration-only: only backs up the SecureTrack configuration information. The backup and restore operations complete very quickly; when you restore from a configuration-only backup, you have everything you need to start collecting revisions, analysing files and running reports.
- Full Backup: backs up the entire SecureTrack database, including configuration, policy revisions and historical reports. However, backup and restore operation can be quite time consuming.
All settings, including: Users, Domains, Zones, Licences, TOP pluginsPolicy Analysis QueriesReports and Audit Definitions (*)Performance AlertsTopology
The following illustrate in detail what is backed up by Restorepoint:
Full Backup: all the information above, plus:Policy RevisionsRevision CommentsAutomatic Policy Generator Data Rule DocumentationRule and Object Usage DataFirewall OS Monitoring DataPublished ReportsPlug-n-Play License Information
Rule Change ReportsSecurity Risk report exceptionsSecureChange Access Requests
(*) When restoring from a configuration-only backup, the following need to be redefined:
Additional information about how Tufin backups work with Restorepoint -
- You must choose at least one of the following configurations to back up:
- SecureTrack: use the selector to choose what type of ST backup to perform. Full performs a backup of the SecureTrack database and configuration; Config Only will only include SecureTrack configuration information. None ignores the SecureTrack settings.
- SecureChange: SecureChange and SecureApp database and configuration.
- Suite Administration: includes Suite Administration backup data.
- Use the Temp Dir field to enter a directory on the Tufin appliance to be used for temporary storage during backup. /var/tmp is used if this field is left blank.
- Tufin may occasionally overestimate the amount of storage required to back up the appliance, and refuse to back up as a consequence. Use the Force checkbox to override the disk space check. Note that this may result in filling a filesystem on the Tufin appliance.
- Restorepoint will use SSH and SCP to connect to the device. Please ensure that port 22/tcp is not blocked by any firewalls between Restorepoint and the device.
- When entering the logon credentials, you should use the root account with the advanced shell enabled. If cannot use root, you must use an account that is authorised (via /etc/sudoers) to become root using the sudo command.