Backup/Restore Zenarmor Configuration and Policies on OPNsense

A software or hardware malfunction, a human-caused event, or even natural calamities such as floods, fires, earthquakes, or tornadoes can result in a total system wipeout. And sometimes unfortunate events occur when we least expect them or are least prepared for them. The data backup makes it accessible in the event of data loss or corruption. You can only recover data from a previous time period if you have a backup.

Configuration and policy files for Zenarmor can be backed up manually at any time via the OPNsense web GUI. After your backup has been completed, it can be transferred to a distinct medium with a single click to reduce the risk of data loss in the future.

It is recommended that you create backup copies on a consistent and regular basis. The longer the interval between backup copies, the greater the risk of data loss when recovering from a failure. Regular backups protect your data and allow your system to rapidly recover and resume operation.

Zenarmor Backup & Restore Page allows you to perform the following tasks:

1. Backup Zenarmor Configuration
2. Restore Zenarmor Configuration

Backup Zenarmor Configuration

You can easily backup the Zenarmor configuration and policy files by following these 3 steps:

1. Navigate to the Zenarmor → Settings → Backup & Restore on your OPNsense GUI.

Figure 1. Zenarmor Backup & Restore

2. You can encrypt the backup file by switching on the toggle button in the Backup panel. If encryption is enabled, you must enter and confirm a password.

Figure 2. Backup File Without Encryption

Figure 3. Backup file encryption is enabled

3. Click Backup Now button to start the backup operation. After the backup is completed, a notification message at the right bottom of the page notifies you. By default, backups are stored on the firewall itself. You can view them on the Backup Files pane at the bottom of the page. It is very important that you should download the backup file to your local disk. Otherwise, a fresh install will erase your backup files on the Zenarmor GUI. You should keep it in an external storage medium like your pc or another safe media.

Restore

On the Zenarmor Backup & Restore page, Backup Files pane contains the existing backup files in the system and the file operation buttons. You can view the detailed file information (date of the backup and whether the file is encrypted or not) in this panel. You may execute the following backup file operations on the Zenarmor Backup & Restore page:

• Upload
• Restore
• Download
• Delete

You can either upload a backup file from your local disc or select one of the backup files stored on your OPNsense system to restore the Zenarmor configuration and policy files.

Restore by Uploading Backup File

You can easily restore your Zenarmor configuration and policy files from your local disk by following the next steps:

1. Navigate to the Zenarmor → Settings → Backup & Restore on your OPNsense GUI.

2. Click on the Browse Backup File in the Restore pane to start the restore operation by uploading a backup file from your local disk.

Figure 4. Uploading a backup file

3. Select the backup file and click Open to upload it. This will open a dialog box asking for Restore Parameters.

Figure 5. Selecting Restore Parameters

4. If the backup file is encrypted, an encryption password is asked in the Restore Parameters window. Fill in the password field.

5. Select the proper option for the Restore Option. You can either restore all configuration files or only policy and rule files from the backup file.

6. By default, license data is excluded from the restore operation. To restore it, switch off the toggle button in the window.

7. By default, Zenconsole cloud settings are excluded from the restore operation. To restore it, switch off the toggle button in the window.

8. Click on the Restore button in the Restore Parameters window. If all goes well, a notification message is displayed at the right bottom of the page.

Restore by Selecting Backup File Stored on OPNsense

You can easily restore your Zenarmor configuration and policy files from your OPNsense disk by following the next steps:

1. Navigate to the Zenarmor → Settings → Backup & Restore on your OPNsense GUI.

2. Select a file listed in Backup Files pane.

3. Click ... - 3 dot menu icon under the Actions column.

Figure 6. Restoring a backup file on OPNsense

4. Click on the Restore button to start the restore operation by using the backup file stored on OPNsense local disk.

5. Select the backup file and click Open to upload it. This will open a dialog box asking for Restore Parameters.

Figure 7. Selecting Restore Parameters

6. If the backup file is encrypted, an encryption password is asked in the Restore Parameters window. Fill in the password field.

7. Select the proper option for the Restore Option. You can either restore all configuration files or only policy and rule files from the backup file.

8. By default, license data is excluded from the restore operation. To restore it, switch off the toggle button in the window.

9. By default, Zenconsole cloud settings are excluded from the restore operation. To restore it, switch off the toggle button in the window.

10. Click on the Restore button in the Restore Parameters window. If all goes well, a notification message is displayed at the right bottom of the page.

Downloading a Backup File

You can download the backup files stored on your OPNsense system to your local disc by following the next steps:

1. Navigate to the Zenarmor → Settings → Backup & Restore on your OPNsense GUI.

2. Select a file listed in Backup Files pane.

3. Click ... - 3 dot menu icon in the same row with the file to be downloaded under the Actions column.

Figure 8. Restoring a backup file on OPNsense

4. Click on the Download button to start downloading the backup file.

Deleting a Backup File

You can delete the backup files stored on your OPNsense system by following the next steps:

1. Navigate to the Zenarmor → Settings → Backup & Restore on your OPNsense GUI.

2. Select a file listed in Backup Files pane.

3. Click ... - 3 dot menu icon in the same row with the file to be downloaded under the Actions column.

4. Click on the Delete button to remove the backup file. This will open a dialog box for confirmation.

Figure 9. Confirmation for deleting a backup file on OPNsense

5. Click on the Delete button to confirm the deletion of the backup file from OPNsense disk

CLI Backup Restore

With 1.9.2 release you will be able to restore your backup file via Command Line Interface

The following should be provided in a sequence for the restore script.

1. Locate the CLI.php file

cd /usr/local/opnsense/mvc/app/models/OPNsense/Zenarmor/

2. Call CLI.PHP file

3. Restore

4. Locate the backup file

5. Type Password for restoring

6. Provide restore option (all | rule). Type “rule” if you only restore Firewall Rules

7. Provide License Exclusion option (true | false)

USAGE

[CLI.php] [restore] [ Backup FILE path] [pass 'a*1',''] [option 'all','rule'] [license Exclude true,false]

Sample usage for non-encrypted files

php /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/CLI.php restore /root/zenarmor-backup-OPNsense.localdomain-1625074552.tar.gz false '' all true

Sample usage for an encrypted files

php /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/CLI.php restore /root/zenarmor-backup-OPNsense.localdomain-1625086767.tar.gz.enc true '123456' all true

Sample usage for CLI php

# php /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/CLI.php usage

Command                                           Args
#######################################################
sample-report
notice-mtu                                        interfaces*
notice-interface_not_exists                       interfaces*
notice-scheduled_report_mail_send_error
notice-rss_enabled
notice-license_expired_warning
notice-license_expired
notice-license_conflict
notice-license_revoked
notice-license_cancelled
notice-mongo_arc_install                          action*
notice-elastic_arc_install                        action*
notice-campaign                                   data
notice-new_db_version                             version*
dashboard-cache
migrate
migratewebcat
migrate-config-xml                                removeSensei*
setpoliciestocloud
config2db
licensedel
licenseActivation                                 isRestart
setlicense                                        activationKey* force
setlicensesize
configurelicensefeature
restore                                           path* isEncrypted* password option* isLicenseExclude*
scheduled-service-control
generate-static-file
onboot                                            service* status*
crons                                             action*
reset
aliases
reload
deletesettings
sysctl                                            mode*
bufsysctl
setClusterUUID
isGlobal
setretireafter                                    keep
saveload
wanlist
setflavor
saveDbConfigES
saveDbConfigSQ                                    path*
saveDbConfig                                      dbType* retireDay* deploymentSize*
setbypass                                         enabled* mode*
setdnsenrichment                                  servers* reverse*
setrestapi                                        enabled*
setswap
setcloudthreatintel                               domains* enabled*
setCloudRegister                                  uuid* adminEmail*
sethealth                                         healthCheck* healthShare* heartbeatMonitor*
settimestamp
setscheduledreport                                data*
setscheduledreportchart                           data*
sendsamplescheduledreport                         data*
fillscheduledreportchart
setRetireAfterfromCloud                           maxRetireDay*
setPrivacy                                        data*
setblocknotification                              status*
setinterface                                      iface*
checkOfLoading
removeRegister
setCustomerId
health-check
resetreportingES
setStreaming                                      data*