Back up the configuration via the CLI using an SSH client for Edge SWG (formerly ProxySG) or Advanced Secure Gateway
search cancel

Back up the configuration via the CLI using an SSH client for Edge SWG (formerly ProxySG) or Advanced Secure Gateway

book

Article ID: 165964

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

This article shares steps to follow to take a full backup of the Edge SWG and Advanced Secure Gateway (ASG) configuration and policy by using SSH-Console. This will have all the configuration except for private keys which are set to "Hidden".

 

Resolution

IMPORTANT: Because the configuration archive contains your private keys, store it in a secure location. This will only display private keys of Keyrings which are set to "Show". Private keys which are set to "hidden" will not be displayed in backup.

Backup Configuration

  1. Make sure that the SSH client you are using is set to write the output to a file:
  2. For example, in PuTTY, select Session > LoggingEnsure that All Session output radio button option is selected to log all session output. 
  3. Connect to the Edge SWG CLI via SSH.
  4. Enter enable mode.
  5. Type the following command: "show configuration expanded noprompts with-keyrings unencrypted"

Note: If you are running version 7.x, the above command will not work, it has been removed. In version 7.x, the Workaround is to set security private-key-display unencrypted option in config mode before running show configuration expanded noprompts command. After set that option you can see configuration output with keyring information.

Blue Coat#configure terminal
Blue Coat#(config)security private-key-display unencrypted
  ok
Blue Coat#(config)exit
Blue Coat#show configuration expanded noprompts

The expanded configuration will be written to the file you specified in step 1; this may take some time depending on the size of your configuration. This copies the entire configuration as well as the security keyrings (both private and public keys), unencrypted.

IMPORTANT: Make sure that no ccl name starts with "bluecoat"; this is not allowed. If a ccl starting with "bluecoat" is found, identify the related section and remove it.  Below is a common example of lines to be removed from the backup:

edit ccl bluecoat-appliance ;mode
add BC_Engineering_CA
add ABRCA_root
exit
 
 

NOTE : This command doesn't show local policy so please make sure to get local policy backup separately if you have on your Edge SWG (ProxySG)/ASG. You can go to Policy > Policy files > Install local policy from TEXT EDITOR > Install and save that policy separately on notepad.

Restoring the Configuration

If needed, you can copy the configuration to another Edge SWG or ASG appliance (running the same SGOS version) or to the same appliance after resolving any issues. To restore the configuration, paste it in the CLI from the #(config) prompt. It is recommended to upload the configuration in small sections. Refer to Backup and restore configuration of Edge SWG (ProxySG) or Advanced Secure Gateway appliances for details.

If you experience issues restoring the configuration, contact Symantec Technical Support for further assistance.