Manual Chapter : Managing Snapshots

Applies To:

Show Versions Show Versions

BIG-IQ Security

  • 4.4.0
Manual Chapter

About snapshots

BIG-IQ Security uses snapshots to protect the working-configuration set of the Security module. Thus, at any time, you can back up, restore, and deploy the BIG-IQ working configuration to a specific configuration state, or deploy a specific set of working configuration edits back to a BIG-IP device. You can also compare one snapshot to another, or compare a snapshot to the BIG-IQ working configuration.

The Snapshots panel displays a list of imported snapshots. The system uses a naming convention that begins with Import and is followed by the self IP address or the management IP address, depending on how the device was discovered. You can also add snapshots through the New Snapshot panel and name the snapshot according to your own convention.

To display only those objects related to a specific snapshot, hover over the snapshot and when the gear icon appears, click it. Then, you can select Properties to display properties or Show Only Related Objects to filter by snapshot.

Adding snapshots

Add snapshots so that you can restore the BIG-IQ working configuration to a specific configuration state, or deploy a specific set of working configuration edits back to a BIG-IP device.
  1. Navigate to Snapshots.
  2. Hover in the Snapshots banner and click the + icon to display the New Snapshot screen.
  3. Complete the property fields as required.
    Option Description
    Name Type a name for the snapshot.
    Description Type a description (optional) that will assist in remembering the reason for the snapshot.
After the process completes, the snapshot is listed in the Snapshots panel by its user-provided name, user account name, and the date and time the snapshot was taken.

Comparing snapshots

You can compare one snapshot to another, or to compare a snapshot to the BIG-IQ Security working configuration.
  1. Navigate to Snapshots.
  2. Select a snapshot, and click the gear icon to expand and display the specific snapshot's screen.
  3. Click Compare.
  4. Indicate what you want to compare:
    • Select Working Configuration to compare the selected snapshot to the BIG-IQ Security working configuration.
    • Select Snapshot to compare the selected snapshot to a different snapshot.
  5. To compare a snapshot with the selected snapshot:
    1. Drag-and-drop that snapshot from the Snapshots panel to this area, or click the Select Snapshot link.
    2. From the Select From Available Snapshots popup screen, select a snapshot and click Select.
  6. Click Evaluate to start the comparison. The Differences popup screen opens.
  7. To display the JSON for each difference found, click a row in the table. Textual JSON appears for each difference found; snapshot on the left and working configuration, or second snapshot on the right.

    Differences are listed by: name (name of the shared object), type (type of object), change (added, modified, deleted), and device (blank unless the type is firewall).

Restoring the working configuration from a snapshot

You can restore the working configuration using a selected snapshot as input. This process does not delete any shared objects that might have been added since the snapshot was taken.

  1. Navigate to Snapshots.
  2. Hover over the snapshot containing the configuration you want to restore to, click the gear icon, and then click Properties.
  3. In the expanded screen, click Restore. You can also click the Compare tab to compare the selected snapshot against the working configuration or another snapshot before performing the restore.
    Working Configuration
    If you select Working Configuration and click Evaluate, a popup screen displays the differences in the JSON between the snapshot (at left in the table) and the working configuration (at right in the table). Click any row to view the JSON for the two objects. Differences are listed by: name (name of the shared object), type (type of object), change (added, modified, deleted), and device (blank unless the type is firewall).

    Click any row to view the JSON for the two objects.

    Snapshot
    If you select Snapshot, specify the snapshot selected by clicking Select Snapshot or by dragging-and-dropping a snapshot to the Compare against field.

    Then, click Evaluate to view the differences in the JSON between the two snapshots.

    Differences are listed by: name (name of the shared object), type (type of object), change (added, modified, deleted), and device (blank unless the type is firewall).

    Click any row to view the JSON for the two objects.

    When you are satisfied that you are restoring the correct configuration, click Restore.
  4. In the popup screen, click OK to confirm that you want to continue. This popup screen explains that this operation will restore the BIG-IQ Security configuration with the contents of this snapshot and remove all active locks. Once the process starts, you will be blocked from performing any other tasks or interacting with the UI in any way until the process is completed or canceled. If the operation is canceled, all configuration settings are rolled back to their state before the restore started.

About snapshots in high-availability configurations

Snapshots require special consideration in high-availability (HA) configurations. For example, a scenario can occur where both peers think they are in the active state due to a disruption in communication or some other error condition.

If you take a snapshot when the system is in this condition, the snapshot Properties screen will display a message saying that the snapshot was taken when the peer device was unreachable.

When the peers are re-paired and re-synched, the snapshot will appear on both peers and both Properties screens will display the error message.

We recommend that you not attempt to restore such snapshots. The restore will likely fail and if it does not, the resulting configuration is unpredictable.