backup
Backup management commands for NDCLI. These commands allow you to configure, enable, and monitor device configuration backups to S3-compatible storage.
Commands
Section titled “Commands”| Command | Description |
|---|---|
backup status | List all device backup statuses |
backup show | Show specific device backup status |
backup enable | Enable backup for a device |
backup disable | Disable backup for a device |
backup config show | Show backup configuration |
backup config set | Create or update backup configuration |
backup config enable | Enable backup configuration |
backup config disable | Disable backup configuration |
backup config delete | Delete backup configuration |
backup config test | Test S3 connection |
backup encryption-key set | Set device-specific encryption key |
backup encryption-key remove | Remove device encryption key override |
backup status
Section titled “backup status”List backup status for all devices in the organization.
ndcli backup status [flags]| Flag | Type | Default | Description |
|---|---|---|---|
--status | string | Filter by backup status: SUCCESS, FAILED, IN_PROGRESS | |
--enabled-only | bool | false | Show only devices with backup enabled |
--page | int | 1 | Page number |
--per-page | int | 30 | Items per page (1–100) |
Examples
Section titled “Examples”ndcli backup status
ndcli backup status --enabled-only
ndcli backup status --status FAILED
ndcli backup status -f jsonbackup show
Section titled “backup show”Show backup status for a specific device.
ndcli backup show [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Examples
Section titled “Examples”ndcli backup show my-firewall
ndcli backup show my-firewall -f jsonbackup enable
Section titled “backup enable”Enable backup for a specific device. The device will be included in future backup runs according to the organization backup schedule.
ndcli backup enable [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Examples
Section titled “Examples”ndcli backup enable my-firewallbackup disable
Section titled “backup disable”Disable backup for a specific device. The device will be excluded from future backup runs.
ndcli backup disable [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Examples
Section titled “Examples”ndcli backup disable my-firewallbackup config show
Section titled “backup config show”Show the current organization-level backup configuration.
ndcli backup config showExamples
Section titled “Examples”ndcli backup config show
ndcli backup config show -f jsonbackup config set
Section titled “backup config set”Create or update the organization-level backup configuration. Sensitive values (S3 secret key, encryption key) are prompted interactively if not provided as flags.
ndcli backup config set [flags]| Flag | Type | Default | Description |
|---|---|---|---|
--s3-endpoint | string | S3 endpoint URL | |
--s3-bucket | string | S3 bucket name | |
--s3-folder | string | Folder path (prefix) within the bucket | |
--s3-key-id | string | S3 access key ID | |
--s3-access-key | string | S3 secret access key (prompts if not provided) | |
--schedule | string | Cron schedule expression (e.g., 0 2 * * *) | |
--encryption-key | string | Encryption key (prompts if not provided) |
Examples
Section titled “Examples”# Interactive setup (sensitive values prompted)ndcli backup config set \ --s3-endpoint https://s3.example.com \ --s3-bucket my-backups \ --s3-folder netdefense \ --s3-key-id AKIAIOSFODNN7EXAMPLE \ --schedule "0 2 * * *"backup config enable
Section titled “backup config enable”Enable the organization-level backup configuration. Backups will run on schedule for all enabled devices.
ndcli backup config enableExamples
Section titled “Examples”ndcli backup config enablebackup config disable
Section titled “backup config disable”Disable the organization-level backup configuration. No backups will run while disabled.
ndcli backup config disableExamples
Section titled “Examples”ndcli backup config disablebackup config delete
Section titled “backup config delete”Delete the organization-level backup configuration entirely.
ndcli backup config deleteExamples
Section titled “Examples”ndcli backup config deletebackup config test
Section titled “backup config test”Test the S3 connection using the current backup configuration. Verifies connectivity and write permissions without creating an actual backup.
ndcli backup config testExamples
Section titled “Examples”ndcli backup config testbackup encryption-key set
Section titled “backup encryption-key set”Set a device-specific encryption key, overriding the organization default for that device.
ndcli backup encryption-key set [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Examples
Section titled “Examples”ndcli backup encryption-key set my-firewallbackup encryption-key remove
Section titled “backup encryption-key remove”Remove a device-specific encryption key override. The device will revert to using the organization-level encryption key.
ndcli backup encryption-key remove [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Examples
Section titled “Examples”ndcli backup encryption-key remove my-firewall