Backing up and restoring the configuration of an appliance
You can use the backup procedure to save a copy of the configuration. The backup file created by the web UI is a text file with the following naming convention: FDD-<serialnumber>-<YYYY-MM-DD>[-SPP<No>]
. If you use the CLI to create a backup, you specify the filename.
The backup feature has few basic uses:
- Restoring the system to a known functional configuration.
- Saving the configuration as CLI commands that a co-worker or Fortinet support can use to help you resolve issues with misconfiguration.
Before you begin:
- If you are restoring a system configuration, you must know its management interface configuration in order to access the web UI after the restore procedure is completed. Open the configuration file and make note of the IP address and network requirements for the management interface. You also must know the administrator user name and password.
- If you are restoring a system configuration to a system that already has a configuration, and the new configuration has fewer SPPs defined than the existing system, it can take as long as 30 minutes for the system to remove the now-unused extra SPPs. To avoid this, factory reset all SPPs before upgrading the new configuration.
- You must have Read-Write permission for System settings.
To backup the system configuration:
- Go to System > Maintenance > Backup & Restore.
- Follow the instructions in the table below to complete the configuration.
- Save the configuration.
Backup and restore configuration page
Backup configuration guidelines
Actions | Guidelines |
---|---|
Backup | |
Backup (button) | Click the Backup button to start the backup. |
Restore | |
From File | Type the path and backup file name or click Browse to locate the file. |
Restore (button) |
Click the Restore button to start the restore procedure. Your web browser uploads the configuration file and the system reboots with the new configuration. The time required to restore varies by the size of the file and the speed of your network connection. Your web UI session is terminated when the system reboots. To continue using the web UI, refresh the web page and log in again. If the restored system has a different management interface configuration than the previous configuration, you must access the web UI using the new management interface IP address. WARNING: Restoring a configuration (full system) results in a system REBOOT which can interrupt traffic if your traffic links do not have fail-open capability. NOTE: Configuration errors that are present in a backup file will be skipped when that file is restored. After restoring a configuration file, always • Use the CLI to run “get system restore-status” which will display any issues with the configuration restore • Check the Event Log to see if any configuration error messages are present. If you see errors, contact Fortinet Support. |
To back up the configuration using the CLI to a TFTP server:
- If necessary, start your TFTP server.
- Log into the CLI as the
admin
administrator using either the local console, the CLI Console widget in the web UI, or an SSH or Telnet connection. Other administrator accounts do not have the required permissions. - Use the following command:
execute backup config tftp <filename> <ipaddress> [spp_name]
<filename>
|
Name of the file to be used for the backup file, such as Backup.conf. |
<ipaddress>
|
IP address of the TFTP server. |
[spp_name]
|
Optional. SPP configuration name, for example, SPP-0 or SPP-1. Use this option to back up only the SPP configuration. If you do not specify this option, a backup is created for the complete system configuration. |
To restore a configuration:
execute restore config tftp <filename> <ipaddress> [spp_name]
filename>
|
Name of the file, such as Backup.conf. |
<ipaddress>
|
IP address of the TFTP server. |
For example: execute restore config tftp Backup-SPP-1.conf 192.0.2.1 SPP-1
TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd off immediately after completing this procedure. |