How to get the backup file from a non-booting/dead Sophos SG

Hey there. This will be a shorter one.

A few weeks ago, I had a weird issue with a customer, where two Sophos SG 135 in an active / passive cluster died at the same time. They started to “only” drop a few packets at first, but slowly declined into dropping everything. Shutting the active device down actually killed it completely. Could not start it after that at all.

Anyway. We provided a temporary device until the new devices arrived, so that’s not really the issue. The issue here is, how do you retrieve a Sophos backup from a dead device?

Sophos actually creates automatic backups periodically. You just need to know where it is.

If you just want the path, here it is:

/var/confd/var/storage/snapshots/

If you want a fullish guide on how to restore it, keep reading 🙂

Let’s start.

1. I don’t have a spare Sophos SG device at hand right now, so, unfortunately, I cannot show you how to open it. There are only a few screws, so it’s not really difficult. What you want is the hard disk. Remove the disk and attach it to a PC running any Linux distribution, or boot from a live USB.

2. Open a terminal and mount the root partition (in the case of the Sophos SG it should be the 6th partition) to any empty location. I will create a folder under /mnt.

fedora-kde :: ~ » cd /mnt
fedora-kde :: mnt » mkdir sophos
# check the partitions with the command "lsblk". Look for a disk sdX with about 8 partitions
fedora-kde :: mnt » mount /dev/sdb6 /mnt/sophos

3. Navigate to the folder that contains the backups/snapshots.

I actually don’t know if the numbers in the file names mean anything. I basically look for the newest file.

fedora-kde :: ~ » cd /mnt/sophos/var/confd/var/storage/snapshots/
# An abbreviated list of the content
fedora-kde :: snapshots » ls | head
cfg_10835_1530309669
cfg_1167_1552897108
cfg_12223_1521022248
cfg_12642_1630106105
cfg_12827_1629501305
cfg_13746_1560463451
cfg_13969_1478910399

4. Copy the file onto a USB stick (or use SCP to copy the file directly to the new Sophos SG later) and insert it into the new device.

5. Get through the basic configuration of your new Sophos SG (might do a guide at some point), and enable SSH.

6. SSH into your new device, mount the USB stick (or SCP…) and copy the backup into the same folder.

# SSH into Sophos SG
fedora-kde :: ~ » ssh loginuser@172.16.16.254
# Mount USB stick
loginuser@sophos:/home/login > mount /dev/sdb1 /mnt
# Copy backup into original folder
loginuser@sophos:/home/login > cp /mnt/cfg_12642_1630106105 /var/confd/var/storage/snapshots/

7. Last step: restoring the backup. Trying to restore the backup using the webUI spits out an error message. Tried this twice on different devices, same result. Maybe I did something wrong, but the CLI works just fine, so I didn’t bother investigating.

loginuser@sophos:/home/login > backup.plx -i /var/confd/var/storage/snapshots/cfg_12642_1630106105

8. After this, reboot the device.
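Steps 3, 4 and 6 as a small script, added here as an example and not part of the original post or of Sophos’ own tooling. It assumes the dead unit’s root partition is already mounted (step 2) and that the USB stick is mounted somewhere like /media/usb; the snapshot directory is the one given above, and the helper names are made up for this example. Because the numbers in the file names may not mean anything, it picks the newest snapshot by modification time, and it writes a SHA-256 sidecar so the copy can be checked on the new unit before it is handed to backup.plx.

```shell
#!/bin/sh
# Added example (not from the original post): stage the newest Sophos SG
# configuration snapshot from a mounted root partition and verify the copy.
# Assumptions: root partition mounted at MOUNTPOINT, USB stick at DESTDIR.

SNAPSHOT_SUBDIR="var/confd/var/storage/snapshots"   # path from the post

# sha256_of FILE -> prints the hex digest (coreutils or perl shasum fallback)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# newest_snapshot MOUNTPOINT -> prints the most recently modified cfg_* file
newest_snapshot() {
    dir="$1/$SNAPSHOT_SUBDIR"
    [ -d "$dir" ] || { echo "no snapshot directory at $dir" >&2; return 1; }
    # The file-name numbers are not trusted; -t sorts by mtime, newest first.
    newest=$(ls -t "$dir"/cfg_* 2>/dev/null | head -n 1)
    [ -n "$newest" ] || { echo "no cfg_* snapshots in $dir" >&2; return 1; }
    printf '%s\n' "$newest"
}

# stage_snapshot MOUNTPOINT DESTDIR -> copies the newest snapshot to DESTDIR,
#   keeps its timestamps, writes a .sha256 sidecar and prints the copied path
stage_snapshot() {
    src=$(newest_snapshot "$1") || return 1
    mkdir -p "$2"
    dst="$2/$(basename "$src")"
    cp -p "$src" "$dst"
    sha256_of "$src" > "$dst.sha256"
    printf '%s\n' "$dst"
}

# verify_snapshot FILE -> 0 if FILE matches its .sha256 sidecar, 1 otherwise.
#   Run on the new unit after the USB/scp hop, before backup.plx -i.
verify_snapshot() {
    [ -f "$1.sha256" ] || { echo "missing checksum for $1" >&2; return 1; }
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

# Recovery PC (mount points as in the post, USB stick assumed at /media/usb):
#   stage_snapshot /mnt/sophos /media/usb
# New Sophos SG, stick mounted at /mnt:
#   verify_snapshot /mnt/cfg_12642_1630106105 && \
#       cp /mnt/cfg_12642_1630106105 /var/confd/var/storage/snapshots/
```

The checksum step is the one addition to the post’s procedure: a snapshot that was damaged on the stick or in transit is better caught by a failed compare than by whatever backup.plx does with a truncated file.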

Your Sophos SG should be restored to the last backed-up state. At this point, you probably should create a backup using the webUI and store it somewhere you can access it.

This was a bit longer than I expected… Anyways. Hope this proved to be useful.

Until next time.
