FAQ

Restoring the ProxySG settings and policies from backup archive manually

FAQ ID:    FAQ557
Version:    1.0
Status:    Published
Published date:    10/29/2009
 

Answer

Before an archive can be restored onto a proxy, it must be modified.  The file contains encrypted or hashed passwords, and these must be changed to clear text passwords.  If the archive is restored with the encrypted passwords, the proxy will not be able to decode them because the proxy keys will be different.

Throughout the text copy of the configuration, you will see instances of “hashed-password” or “encrypted-password” followed by the password in a hashed or encrypted format.  This is encrypted or hashed using the default keyring stored by the hardware on the proxy.  Therefore, to load this configuration on another proxy, these will need to be changed.  To modify them correctly, edit the line to remove the “hashed-” or “encrypted-” prefix and replace the hashed or encrypted value with the clear text password.

•    Example 1: You will see entries such as these:

security hashed-enable-password "$1$HeLpin$X.q0H5s3XEiCyHmGGVwzF1"
security hashed-password "$1$rWzR$BT5c6F/RHLPK7uU9Lx27J."

If the real password is “bluecoat”, then these must be changed to this:

security enable-password "bluecoat"
security password "bluecoat"

Notice that the “hashed-” text has been removed and the real password has been entered.


•    Example 2: Content filtering download configuration.

content-filter ;mode
provider bluecoat enable
bluecoat ;mode
download username "CRB-APR1506"
download encrypted-password "K=WShq/gaEtubhfcfuIhhHJ3AG+/AnTHVJwQ="

If the real password is ABCDEFG, then this must be changed to:

content-filter ;mode
provider bluecoat enable
bluecoat ;mode
download username "CRB-APR1506"
download password "ABCDEFG"

Notice that the text “encrypted-” has been removed from the line “download password” and the real password has been entered.

•  There are several other places where you can see hashed-password or encrypted-password.  You will need to manually search for every instance of “encrypted-password” and “hashed-password” in order to find them.  After you have found them all, you will need to look at the commands above each one to determine exactly what the password references.  Examples of these are the GUI password, the enable password, the password to the FTP server for upload of the access logs, the LDAP search user password, SNMP write-community strings, etc.

•  After you have found all instances of a hashed or encrypted password and have made the corrections, save the text file to a PC which you use to manage the proxy via the GUI.
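The search described above can be scripted. The following is an added example, not code from the vendor or from this FAQ: it lists every line that still carries a hashed or encrypted password, together with the enclosing modes and the form the line should take after editing. It goes slightly beyond the literal search by matching any keyword that starts with “hashed-” or “encrypted-” and ends in “password”, because a plain search for “hashed-password” does not match the “hashed-enable-password” line in Example 1. The function name, the sample archive and the handling of “exit” lines are assumptions.

```python
import re

# Any "hashed-..." or "encrypted-..." keyword ending in "password"; a literal
# search for "hashed-password" would skip "hashed-enable-password".
TOKEN = re.compile(r'(?<![\w-])(hashed|encrypted)-([\w-]*password)(?![\w-])')

# Constructed sample assembled from the two examples on this page.
# Assumption: a line reading "exit" closes the most recent ";mode" block.
SAMPLE_ARCHIVE = '''\
security hashed-enable-password "$1$HeLpin$X.q0H5s3XEiCyHmGGVwzF1"
security hashed-password "$1$rWzR$BT5c6F/RHLPK7uU9Lx27J."
content-filter ;mode
provider bluecoat enable
bluecoat ;mode
download username "CRB-APR1506"
download encrypted-password "K=WShq/gaEtubhfcfuIhhHJ3AG+/AnTHVJwQ="
exit
exit
security password "already-edited"
'''

def find_protected_passwords(text):
    """Return one finding per line that still needs a clear text password."""
    findings, modes = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = TOKEN.search(line)
        if match:
            findings.append({
                "line": lineno,
                "kind": match.group(1),
                # Enclosing modes show what the password belongs to.
                "context": " > ".join(modes) or "(top level)",
                # Suggested edit; the stored hash or ciphertext is not echoed.
                "rewrite_as": line[:match.start()] + match.group(2)
                              + ' "<clear text password>"',
            })
        elif line.endswith(";mode"):
            modes.append(line[:-len(";mode")].strip())
        elif line == "exit" and modes:
            modes.pop()
    return findings

if __name__ == "__main__":
    for f in find_protected_passwords(SAMPLE_ARCHIVE):
        print(f'line {f["line"]:>3} [{f["kind"]}] in {f["context"]}: {f["rewrite_as"]}')
```

An empty result means no hashed or encrypted password lines remain in the file.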


Then follow the instructions in KB3037 to restore the configuration using the GUI.

