Experience Center
Restoring Policies and Configurations from a Backup for Private Applications
When you restore policies and configuration settings from a backup, it overwrites all your current policies and configuration settings, including all the rules and their components. If your current configuration has a component that is not in the backup, then that component is removed when the backup is restored. Therefore, you should review the policies in the backup before restoring it.
If the backup was created before some of the additional features were introduced, then that legacy backup can only be used to restore the policies and configurations that belonged to it. Applying a legacy backup does not override policies and configurations that were not supported in the platform version at the time of the backup creation.
To restore policies and configurations from a backup:
- Go to Administration > Backup & Restore > Private Applications.
- Locate the Backup Name within the table and click the Restore icon (
).
The View Report and Restore drawer appears.
- In the View Report and Restore drawer, you can view the following reports:
- Inconsistency Report: Shows inconsistencies in application management and policy management if the backup is applied. You can click Collapse All to collapse all inconsistencies, or you can click on an individual inconsistency to see more information. Within the inconsistency report, you can do the following:
- Filter the information that appears in the table. By default, no filters are applied.
- Click the Restore icon to restore the policies and configurations from the backup. To learn more, see Inconsistencies in the Backup.
- Click the Download icon (
) to download the inconsistency report as a CSV file.
- Full Report: Shows inconsistencies and modifications from the current backup in application management and policy management if the backup is applied.
- Inconsistency Report: Shows inconsistencies in application management and policy management if the backup is applied. You can click Collapse All to collapse all inconsistencies, or you can click on an individual inconsistency to see more information. Within the inconsistency report, you can do the following:
- Click Restore to restore the policies and configurations from the backup.
See Image.
Pre-Restore Backup of a Configuration
Before restoring a backup, a pre-restore backup of the existing configuration is automatically created. The pre-restore backup of the configuration can be used in case the backup that was restored has post-restore issues. The pre-restore backup of a configuration has the Pre-Restore Configuration
naming convention. A pre-restore backup of a configuration appears within the table on the Backup and Restore page for Private Applications. The timestamp is listed after the Pre-Restore Configuration
text, and is in the MM-DD-YYYY hh-mm-ss
format, where MM
is month, DD
is day, YYYY
is year, HH
is hours, MM
is minutes, and SS
is seconds. For example, after restoring a backup that was created on December 25, 2024, at 12:15 PM, the backup appears as Pre-Restore Configuration 12-25-2024 12:15:00
.
Inconsistencies in the Backup
The following table shows potential inconsistencies that can occur when a backup is applied, the reasons for the inconsistencies, and the resolvable action, if any.
Configuration | Feature / Backup Entity | Inconsistency Reason | Resolution |
---|---|---|---|
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the number of applications exceeds the maximum limit. To learn more, see Ranges & Limitations. | N/A |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the application that has a server group which was deleted is restored. The server group in this case was added in the Default Microtenant after the backup was created, and then was used in a different application within a Microtenant. | N/A |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the domain of two or more application segments have conflicting Bypass settings (i.e., Use Client Forwarding Policy, Always, or On Corporate Network). When two or more application segments contain the same domain, they must use the same Bypass settings. To learn more, see Configuring Defined Application Segments. | Ensure the Bypass settings are set to either Use Client Forwarding Policy or On Corporate Network for two or more application segments with the same domain. Additionally, ensure the existing application is present in other Microtenants. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the domain of two or more application segments have conflicting settings for Double Encryption. When two or more application segments contain the same domain, they must have Double Encryption set to the same value. To learn more, see Configuring Defined Application Segments. | Ensure that Double Encryption is set to the same value (i.e., Enabled or Disabled) for two or more application segments that contain the same domain. Additionally, ensure the existing application is present in other Microtenants. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the TCP port range of an application overlaps with the port range of an existing application in a different Microtenant. | Update the TCP port range of an existing application segment in a different Microtenant to ensure that there is no overlapping port range for the same application. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the UDP port range of an application overlaps with the port range of an existing application in a different Microtenant. | Update the UDP port range of an existing application segment in a different Microtenant to ensure that there is no overlapping port range for the same application. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the domain of the application already exists as a FQDN in the user portal and exists as an application in the application segment, or the application already exists as a FQDN in the privileged portal and exists as an application in the application segment. | Update the user portal or the privileged portal to use a different FQDN. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and the application segment references policies within a Microtenant. | Remove the application segment from the policies. |
Application Management | Application Segment | An inconsistency occurs for an application segment when the restore is applied and a duplicate DNS search domain exists for an application within a Microtenant. To learn more, see Adding DNS Search Domains. | Remove the duplicate domain from the Microtenant. |
Application Management | Browser Access Application Segment | An inconsistency occurs for a Browser Access application segment when a backup is applied in the following scenarios:
| To resolve the inconsistencies:
|
Application Management | Segment Group | An inconsistency occurs for a segment group when a backup is applied in the following scenario. The segment group is deleted but is linked with policies other than access policies, timeout policies, and client forwarding policies within the same Microtenant, or the segment group in the Default Microtenant is linked with any policies within another Microtenant. | Remove the segment group from the associated policies in the same Microtenant, or associate the segment group with the policies within a Microtenant. |
Application Management | Server | An inconsistency occurs for a server if the server is linked to a server group that is referenced by Internet & SaaS. | Remove the server from the server group that is referenced by Internet & SaaS. |
Application Management | Server Group | An inconsistency occurs for a server group when a backup is applied in the following scenarios:
| To resolve the inconsistencies:
|
Certificate Management | Certificates | An inconsistency occurs for a certificate in the following scenarios when a backup is applied:
| To resolve the inconsistencies:
|
Policy Management | Access Policy | An inconsistency occurs for an access policy in the following scenarios when a backup is applied:
| N/A |
Policy Management | Client Forwarding Policy | An inconsistency occurs for a client forwarding policy in the following scenarios when a backup is applied:
| N/A |
Policy Management | Timeout Policy | An inconsistency occurs for a timeout policy in the following scenarios when a backup is applied:
| N/A |
Policy Management | Access Policy, Client Forwarding Policy, Timeout Policy | An inconsistency occurs for a policy when a backup is applied and the policy is using an application segment that is no longer shared to the policy. When the policy is deleted, the application segment becomes unshared from the Microtenant and the policy has an application segment that is no longer shared with it. | N/A |
Policy Management | Access Policy, Client Forwarding Policy, Timeout Policy | An inconsistency occurs for an access policy, client forwarding policy, or timeout policy when the application is moved to another Microtenant. | Move the application back to the current Microtenant. |
User Portal | User Portals | An inconsistency occurs for user portals in the following scenarios when a backup is applied:
| To resolve the inconsistencies:
|
Restore Failures
The following table lists the reasons for why a restore can fail.
Configuration | Failure Reason |
---|---|
Backup and Restore | The restore failed due to the failed pre-restore backup. |
N/A | The restore failed due to an unexpected exception. |