Figure 141: Policy Enforcer Communication with Multiple Components
Policy Enforcer provides the option of backing-up all Policy Enforcer configuration and storing it as a .tar file. In the event of any unforeseen circumstances such as a malicious attack or system failure you can use the backup file to restore Policy Enforcer to a previously saved configuration. You can also take a backup before you change some configuration in Policy Enforcer, and revert to the backed up configuration, if needed. You can take multiple backups and choose to restore the Policy Enforcer configuration from any of these backup files.
Policy Enforcer backup includes Policy Enforcer configurations such as .yml files, databases or sequences, and device configurations. Policy Enforcer also talks to multiple components to obtain information, as shown in Figure 141.
Figure 141: Policy Enforcer Communication with Multiple Components
Policy Enforcer talks to:
SkyATP / JATP for feeds
Security Director for profiles and configurations
Junos Space Network Management Platform and Security Director to discover network connectivity like endhosts
Connectors to connect to AWS, Azure, ClearPass, Contrail, PulseSecure, and Forescout
Policy Enforcer backup includes the backup of all these configurations and dependencies. When you backup Policy Enforcer, both Policy Enforcer and Security Director configurations are backed up.
Note Policy Enforcer backup does not include data.
You must be aware of the following before you initiate a Policy Enforcer backup:
When you initiate a backup/restore, Policy Enforcer goes into maintenance mode and will be unresponsive until the backup/restore process is complete. Ensure that you complete all the tasks you want to perform with Policy Enforcer before you start the backup/restore process.
If you are saving the backup .tar file on the remote server, ensure that there is enough space for the file on that server.
To take a backup of Policy Enforcer:
The Backup and Restore page appears.
The Backup page appears.
A job is created to execute the backup process. To see the progress of the backup, go to the Job Management page.
Note Policy Enforcer will be in maintenance mode and will be unavailable till the backup process is complete.
After the backup process is complete, the backup .tar file is listed on the Backup and Restore page.
Table 365: Fields on the Backup Page
Field | Description |
|---|---|
Server Type | Select whether you want to save the backup .tar file to a local server or to a remote server.
|
Description | Enter a description; maximum length is 1024 characters. Make this description as useful as possible for everyone. |
Username | Enter the username of the remote server where you want to save the backup .tar file. |
Password | Enter the password for the selected remote server. |
IP Address | Enter the IPv4 or IPv6 address of the remote server where you want to save the backup .tar file. |
Directory | Enter the filepath and folder name on the remote server where you want to save the backup .tar file. |
Schedule Backup | Use the following procedure to select a schedule for the backup.
You can also edit or delete the backup schedule by clicking Edit or Delete, respectively. |
Restoring Policy Enforcer from a Backup File
To restore Policy Enforcer from a backup file:
The Backup and Restore page appears.
A pop-up page appears asking for confirmation to restore Policy Enforcer from the backup file.
Note Policy Enforcer will be in maintenance mode and will be unavailable till the restore process is complete.