Backup and Restore of Ivanti Connect Secure Appliances using the REST API

This guide will show you a method to pull backups from an Ivanti Connect Secure Appliances using the REST API.

CAUTION! This guide won’t work starting from ISA appliances with version 22.7R2.3 and newer!
A guide for the newer versions is already planned and will be published here once it is ready.


You can find an article from Ivanti itself for this topic in their knowledge base:
https://forums.ivanti.com/s/article/KB44172
But the article from Ivanti has some pitfalls, for example none of the described restore mechanisms will work (as of 18th july 2024).

The backup created using the REST API will always include the system and the user configuration in one file, this is different from the other backup variants you might know from Ivanti Connect Secure Appliances.

Everything described in this article should also work on Ivanti Policy Secure Appliances, but I dont have access to one of these systems to test the export and import process.

Creating a backup user with access to the rest api:
Create a new administrative user using the webui of the appliance under:

In the next screen we need to specify the username and password for the backup user, also the access to the REST API needs to be allowed on this page:

Generate the API Auth Key using curl:
It is needed to create an API Key once to export and import the backup files later:
curl -k -u backup-user:testing123 -G https://192.168.221.2/api/v1/auth

The output of the above command should look like this:
{"api_key":"QgF8q45XQEXQwgOg8e405SI+RWkQeRWqOEDeIcLgj0s="}%

Using curl to create a configuration backup:
curl --insecure --user QgF8q45XQEXQwgOg8e405SI+RWkQeRWqOEDeIcLgj0s=: -o backup.cfg https://192.168.221.2/api/v1/system/binary-configuration

The backup process gets logged in the admin access logs:

Using curl to restore the configuration from a backup file:
curl --insecure --request PUT 'https://192.168.221.2/api/v1/system/binary-configuration?import=full' --user QgF8q45XQEXQwgOg8e405SI+RWkQeRWqOEDeIcLgj0s=: --header 'Content-Type: application/octet-stream' --data-binary '@backup.cfg'

A successful import creates a output like this:
{"result":{"info":[{"message":"Operation successfully completed."}]}}

The admin access logs shows several messages related to the import process:


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert