Back up the configuration via the CLI using an SSH client for ProxySG or Advanced Secure Gateway
search cancel

Back up the configuration via the CLI using an SSH client for ProxySG or Advanced Secure Gateway


Article ID: 165964


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


This article shares steps to follow to take a full backup of the Symantec ProxySG and Advanced Secure Gateway (ASG) configuration and policy by using SSH-Console. This will have all the configuration except for private keys which are set to "Hidden".



IMPORTANT: Because the configuration archive contains your private keys, store it in a secure location. This will only display private keys of Keyrings which are set to "Show". Private keys which are set to "hidden" will not be displayed in backup.

Backup Configuration

  1. Make sure that the SSH client you are using is set to write the output to a file:
  2. For example, in PuTTY, select Session > LoggingEnsure that All Session output radio button option is selected to log all session output. 
  3. Connect to the ProxySG CLI via SSH.
  4. Enter enable mode.
  5. Type the following command: "show configuration expanded noprompts with-keyrings unencrypted"

Note: If you are running version 7.x, the above command will not work, it has been removed. In version 7.x, the Workaround is to set security private-key-display unencrypted option in config mode before running show configuration expanded noprompts command. After set that option you can see configuration output with keyring information.

Blue Coat#configure terminal
Blue Coat#(config)security private-key-display unencrypted
Blue Coat#(config)exit
Blue Coat#show configuration expanded noprompts

The expanded configuration will be written to the file you specified in step 1; this may take some time depending on the size of your configuration. This copies the entire configuration as well as the security keyrings (both private and public keys), unencrypted.

IMPORTANT: Make sure that no ccl name starts with "bluecoat"; this is not allowed. If a ccl starting with "bluecoat" is found, identify the related section and remove it.  Below is a common example of lines to be removed from the backup:

edit ccl bluecoat-appliance ;mode
add BC_Engineering_CA
add ABRCA_root

NOTE : This command doesn't show local policy so please make sure to get local policy backup separately if you have on your ProxySG/ASG. You can go to Policy > Policy files > Install local policy from TEXT EDITOR > Install and save that policy separately on notepad.

Restoring the Configuration

If needed, you can copy the configuration to another ProxySG or ASG appliance (running the same SGOS version) or to the same appliance after resolving any issues. To restore the configuration, paste it in the CLI from the #(config) prompt. It is recommended to upload the configuration in small sections. Refer to Backup and restore configuration from one ProxySG/Advanced Secure Gateway to another ProxySG/Advanced Secure Gateway for details.

If you experience issues restoring the configuration, contact Symantec Technical Support for further assistance.