restore
Use this command to:
- restore the configuration from a file
- change the FortiGate firmware
- change the FortiGate backup firmware
- restore an IPS custom signature file
When virtual domain configuration is enabled (in system global, vdom-admin is enabled), the content of the backup file depends on the administrator account that created it.
A backup of the system configuration from the super admin account contains the global settings and the settings for all of the VDOMs. Only the super admin account can restore the configuration from this file.
A backup file from a regular administrator account contains the global settings and the settings for the VDOM to which the administrator belongs. Only a regular administrator account can restore the configuration from this file.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
| Command | Description |
|---|---|
|
execute restore script ftp execute restore script lastlog execute restore script scp execute restore script tftp |
New |
Syntax
Update the antivirus database from an FTP server
Update the antivirus database on the FortiGate by downloading it from an FTP server.
execute restore av ftp Restore antivirus database from FTP server.
{string} Antivirus data base file name (path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Update the antivirus database from a TFTP server
Update the antivirus database on the FortiGate by downloading it from a TFTP server.
execute restore av tftp Restore antivirus database from TFTP server.
{string} Antivirus database file name on the TFTP server.
{ip} IP address.
Load a configuration file from a DHCP server
execute restore config dhcp Load config file via DHCP.
{port} Port to be DHCP client.
{Enter} | {vlanid} Enter or specify VLAN ID to create a VLAN on the <port>.
Load a configuration file from flash
Restore the specified revision of the system configuration from the flash disk.
execute restore config flash Load config file from flash to firewall.
{revision} Revision ID on the flash.
Load a configuration file from an FTP server
Restore the system configuration from an FTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.
If the backup file was created with a password, you must specify the password.
execute restore config ftp Load config file from FTP server.
{string} Configure file name(path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
{Enter}|{passwd} Password may be needed to restore.
Load a configuration file from a management station (PC)
execute restore config management-station normal Load normal config file from management station to firewall.
{revision} Revision to retrieve, or enter '0' to get latest revision list.
Load a configuration management script from a management station (PC)
execute restore config management-station script Load script config file from management station to firewall.
{revision} Revision to retrieve, or enter '0' to get latest revision list.
Load a configuration file template from a management station (PC)
execute restore config management-station template Load template config file from management station to firewall.
{revision} Revision to retrieve, or enter '0' to get latest revision list.
Load a configuration file from a TFTP server
Restore the system configuration from a TFTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.
If the backup file was created with a password, you must specify the password.
execute restore config tftp Load config file from TFTP server to firewall.
{string} File name on the TFTP server.
{ip} IP address.
{Enter}|{passwd} Password may be needed to restore.
Load a configuration file from an external USB disk
execute restore config usb Load config file from USB disk to firewall.
{string} File name on USB disk.
{Enter}|{passwd} Password may be needed to restore.
Specify the password for restoring a configuration file from an external USB disk
execute restore config usb-mode Load config file from USB disk and reboot.
{Enter}|{passwd} Optional password to protect.
Load a firmware image from flash
execute restore image flash Restore image from flash.
{revision} Image revision ID on flash.
Load a firmware image from an FTP server
execute restore image ftp Load image from FTP server.
{string} Image file name(path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Load a firmware image from a management station (PC)
execute restore image management-station Restore image from Management station.
{string} Image ID on the server.
Load a firmware image from a TFTP server
execute restore image tftp Restore image from TFTP server.
{string} Image file name on the TFTP server.
{ip} IP address.
Load a firmware image from an external USB disk
execute restore image usb Restore image from USB disk.
{string} Image file name on the USB disk.
Install an IPS update from an FTP server
execute restore ips ftp Restore IPS database from FTP server.
{string} IPS data base file name (path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Install an IPS update from a TFTP server
execute restore ips tftp Restore IPS database from TFTP server.
{string} IPS database file name on the TFTP server.
{ip} IP address.
Install user defined IPS signatures from an FTP server
execute restore ipsuserdefsig ftp Restore user-defined ips signatures file from FTP server.
{string} User-defined ips signatures file on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Install user defined IPS signatures from a TFTP server
execute restore ipsuserdefsig tftp Restore user defined IPS signatures file from TFTP server.
{string} File name on the TFTP server.
{ip} IP address of TFTP server.
Update FortiGuard packages from an FTP server
You can update the internet service database and other FortiGuard package files.
execute restore other-objects ftp Restore other FortiGuard packages from FTP server.
Current support: Internet-service Database Apps/Maps and URL White List.
{string} Other FortiGuard package file name on the FTP server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Update FortiGuard packages from a TFTP server
You can update the internet service database and other FortiGuard package files.
execute restore other-objects tftp Restore other FortiGuard packages from TFTP server.
Current support: Internet-service Database Apps/Maps and URL White List.
{string} Other FortiGuard package file name on the TFTP server.
{ip} IP address.
Load script from an FTP server
execute restore script ftp Load script from FTP server.
{string} Script on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
View last restored script
execute restore script lastlog Read the result of last restored script.
Load script from an SCP server to the firewall
execute restore script scp Load script from SCP server to firewall.
{string} File name on the SCP server.
{ip} IP address.
{user} User name.
{Enter}|{passwd} Enter or input password.
Load script from a TFTP server to the firewall
execute restore script tftp Load script from TFTP server to firewall.
{string} File name on the TFTP server.
{ip} IP address.
{Enter}|{passwd} Password may be needed to restore.
Load a backup firmware image from an FTP server
execute restore secondary-image ftp Load image from FTP server.
{string} Image file name(path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Load a backup firmware image from a TFTP server
execute restore secondary-image tftp Restore image from TFTP server.
{string} Image file name on the TFTP server.
{ip} IP address.
Load a backup firmware image from an external USB disk
execute restore secondary-image usb Restore image from USB disk.
{string} Image file name on the USB disk.
Download a VM license file from an FTP server
execute restore vmlicense ftp Restore VM license from FTP server.
{string} VM license file name(path) on the remote server.
{ftp server}[:ftp port] FTP server IP or FQDN, can be attached with port.
{Enter}|{user} FTP username may be needed.
{passwd} FTP password.
Download a VM license file from a TFTP server
execute restore vmlicense tftp restore VM license from tftp server
{string} VM license file name on the tftp server
{ip} IP address.
Example
This example shows how to upload a configuration file from a TFTP server to the FortiGate unit and restart the FortiGate unit with this configuration. The name of the configuration file on the TFTP server is backupconfig. The IP address of the TFTP server is 192.168.1.23.
execute restore config tftp backupconfig 192.168.1.23