Creating a configuration backup and restoring a backup in Astaro Security Gateway/Sophos UTM

  • Article ID: 115187
  • Rating:
  • 6 customers rated this article 3.5 out of 6
  • Updated: 15 Apr 2013

This article explains how to create backup in ASG/Sophos UTM. It also explains how to restore a previous backup.

Known to apply to the following Sophos product(s) and version(s)
Sophos UTM

What To Do


  1. In the WebAdmin select: 'Management' | 'Backup/Restore'.
  2. Click 'Create backup now'.  Add a comment in order to aid in identifying the file later on.
    Once the file is created, it will appear in the window. You can:
    1. Choose to restore.
    2. Download to your computer.
    3. Delete the file.


  • To avoid problems with file downloads using Internet Explorer 6, add the URLs of the firewall (e.g., and the end user portal (e.g., to the Trusted Sites, which are configured in IE's 'Internet Options' | 'Security'. In addition, select 'Automatic Prompting for File Downloads' in the Trusted Sites Zone when using Internet Explorer 7.
  • You have the option to encrypt the backup (Triple DES encryption). Once you have selected this option, provide a password (second time for verification). You will be asked for this password when importing the backup (the file extension for encrypted backups is ebf).
  • A backup includes administrator passwords as well as all RSA keys and X.509 certificates. Since this information is confidential, it is good practice to enable encryption.


To import a backup, click the folder icon and select a backup file to upload, then click Start Upload. When importing an encrypted backup file, you must provide the correct passphrase prior to importing the backup. Note that the backup will not instantly be restored. Instead, it will be added to the Available Backups list.

Note: That you can also recover unencrypted backup files (file extension abf) from a FAT formatted USB flash drive such as a simple USB stick. To restore a backup from a USB flash drive, copy the backup file to the USB flash drive and plug the device into Astaro Security Gateway prior to boot up. If several backup files are stored on the device, the lexicographically first file will be used (numbers precede letters). For example, suppose the backup files firewall_backup_2007-04-17.abf and 2006-03-20_firewall_backup.abf are both stored on the USB flash drive. During the boot up, the second file will be used because it begins with a number, although it is much older than the other one.

In addition, a lock file is created after the successful recovery of a backup, preventing the installation of the same backup over and over again while the USB stick is still being plugged in. However, if you want to install a previous backup once again, you must first reboot with no USB flash drive plugged in. This will delete all lock files. When you now boot with the USB flash drive plugged in again, the same backup can be installed.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent