cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

R80.20 and Database Revision

I have heard from several customers asking for a return of Database Revision Control in R80.X.  I know every policy is backed up, but once and object is deleted, it can no longer be recovered with anything short of a full restore from backup since DB Revision is gone.  My question is this.  I'd heard that there were plans to bring it back in a future version.  As it's not there in R80.20, does anyone know if there are plans to bring it back, and if so, at which future version?

13 Replies

Re: R80.20 and Database Revision

Tomer Sole‌ wrote on R80.10 versioning and Objects 

The R80 architecture automatic revisions preserve the entire configuration - gateway settings, policies, objects, anything that is stored on the security management server. This means that when using Installation History to install a previous revision on the gateway, it will take the entire configuration from the mentioned date.

Policy History revision is enough to me. Cause we cannot delete object while using on policy. 

Re: R80.20 and Database Revision

Object changes cannot be automatically reverted, but you can most definitely find what changes were made to an object via the Audit Log (among many other ways) and then set it back to its prior setting, please see this article I wrote if you have not already:

R80+ Change Control: A Visual Guide 

As mentioned earlier, Installation History will take a gateway back in time to a policy installed earlier, object changes and all.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: R80.20 and Database Revision

Thanks for the advice, but I'd like to clarify one point.  It sounds like installing an earlier Installation History will revert object changes.  In my lab, when I deleted an object, and then installed a policy from the Installation History before the object was deleted, it did not bring the object back.  Is that what you would have expected?

Re: R80.20 and Database Revision

Yes.  As explicitly mentioned in the guide installing a previous policy to a gateway via Installation History will revert the gateway to a previously installed policy (objects and all), but has no impact whatsoever on the configuration currently displayed in the SmartConsole.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
Ivo_Hrbacek
Nickel

Re: R80.20 and Database Revision

current described processes for revisions are quite useless if I compare it to R77.30 for example...you guys (CP) have postgresql behind the scenes so I would like to see some db dumps available to replace missing "customer easy to use" revision control as seen in previous versions to be available for cases when you just want your objects back and do not want to spend whole life by searching in audit logs.... that's just my opinion Smiley Happy

Re: R80.20 and Database Revision

Hi Tomer Tomer Sole and all,

Is there any progress on this BIG issue for us MSPs.

e.g We are upgrading a customer from a single device to an HA cluster. We want to be able to roll back the MANAGEMENT policy, objects, rules etc

Pushing an old policy to the old gateway using Insatllation History is fine to get it up and running but how are we then meant to revert the policy to be able to move forward ? (revert to old object, all the attached policy targets etc etc)

e.g We are doing a big rulebase/database tidyup - deleting old objects.... something goes badly wrong... yes we can revert the gateway policy but how do we restore the whole policy/objects/rules/nats ?

I could give more examples if you like but I think you get the idea.... when making changes that involve gateways/clusters this is especially troublesome.

Please dont say mgmt_cli or audit log either... that is not a viable solution for an MSP with many many customers on multiple CMAs.

I look forward to your considered response

thanks

Peter

Re: R80.20 and Database Revision

Can we kindly have an update on this issue please ?

0 Kudos
Admin
Admin

Re: R80.20 and Database Revision

The plans for bringing this feature back are not yet finalized.
0 Kudos
Employee+
Employee+

Re: R80.20 and Database Revision

Indeed, revision control is a very useful feature. Today we have the option to return a gateway to a previous revision, but reverting the configuration in the Management is not yet possible.

I can update with some good news that this feature is in advanced stages of development. We are actually making this much more powerful than the R77.30 capability. Without having to explicitly backup a revision at a certain time, we are integrating the revert into the automated R80 revision capabilities. You will be able to revert to any previous point in time (publish operation) with a few easy clicks.

We are in the EA stage with this feature and will gladly invite customers more customers to share feedback on it. We plan to provide this via a customer hotfix over R80.20. It is also planned to be included in the upcoming R80.40 for customers that prefer to get it in the maintrain version.

For more info or feedback, reach out to @Eran_Habad or myself.

Wolfgang
Gold

Re: R80.20 and Database Revision

@Tomer_Noy 

these are very good news. A lot of people here are waiting for this feature coming back.

Are there any plans for R80.10 or 80.30 ?

Wolfgang

0 Kudos
Employee+
Employee+

Re: R80.20 and Database Revision

R80.10 will not be possible since the development is based on newer code and I/S.

It's possible that we'll port over R80.30 as well, to allow customers that use this to upgrade.

Re: R80.20 and Database Revision

Hi!

Can I get his hotfix now please?  I've spent four days refactoring a policy and now it's dead with a stuck edit session locking a bunch of objects that can't be discarded.  Now, while one route would to fix that, it's probably a lot of work whereas going back to a previous revision would solve the problem instantly.  I realize that this depends on a number of things, one of which is that I can imagine the coders of the new feature realizing that they weren't storing enough info, and coding it only to be able to go back to the point up hotfix install.... but.... crossing my fingers, please help!

I note that no EA programmes are presently available.  Is it available to download?

Thank you!

G

Employee+
Employee+

Re: R80.20 and Database Revision

To resolve your current issue, I suggest opening a ticket to TAC to get help with removing the stuck session and locked objects. It's something that should be doable.

I don't think that installing this as an custom RFE over R80.20 or going to the R80.40 EA is quicker & easier.

That said, once the R80.40 EA is available, we would still be glad to have you on it, regardless of this issue.

0 Kudos