Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

restore

Use this command to:

  • restore the configuration from a file
  • change the FortiGate firmware
  • change the FortiGate backup firmware
  • restore an IPS custom signature file

When virtual domain configuration is enabled (in system global, vdom-admin is enabled), the content of the backup file depends on the administrator account that created it.

A backup of the system configuration from the super admin account contains the global settings and the settings for all of the VDOMs. Only the super admin account can restore the configuration from this file.

A backup file from a regular administrator account contains the global settings and the settings for the VDOM to which the administrator belongs. Only a regular administrator account can restore the configuration from this file.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

execute restore script ftp

execute restore script lastlog

execute restore script scp

execute restore script tftp

New execute commands.

Syntax

Update the antivirus database from an FTP server

Update the antivirus database on the FortiGate by downloading it from an FTP server.

execute restore av ftp  Restore antivirus database from FTP server.
        {string}   Antivirus data base file name (path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Update the antivirus database from a TFTP server

Update the antivirus database on the FortiGate by downloading it from a TFTP server.

execute restore av tftp  Restore antivirus database from TFTP server.
        {string}   Antivirus database file name on the TFTP server.
            {ip}   IP address.

Load a configuration file from a DHCP server
execute restore config dhcp  Load config file via DHCP.
        {port}   Port to be DHCP client.
            {Enter} | {vlanid}   Enter or specify VLAN ID to create a VLAN on the <port>.

Load a configuration file from flash

Restore the specified revision of the system configuration from the flash disk.

execute restore config flash  Load config file from flash to firewall.
        {revision}   Revision ID on the flash.

Load a configuration file from an FTP server

Restore the system configuration from an FTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.

If the backup file was created with a password, you must specify the password.

execute restore config ftp  Load config file from FTP server.
        {string}   Configure file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.
                        {Enter}|{passwd}   Password may be needed to restore.

Load a configuration file from a management station (PC)
execute restore config management-station normal  Load normal config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration management script from a management station (PC)
execute restore config management-station script  Load script config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration file template from a management station (PC)
execute restore config management-station template  Load template config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration file from a TFTP server

Restore the system configuration from a TFTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.

If the backup file was created with a password, you must specify the password.

execute restore config tftp  Load config file from TFTP server to firewall.
        {string}   File name on the TFTP server.
            {ip}   IP address.
                {Enter}|{passwd}   Password may be needed to restore.

Load a configuration file from an external USB disk
execute restore config usb  Load config file from USB disk to firewall.
        {string}   File name on USB disk.
            {Enter}|{passwd}   Password may be needed to restore.

Specify the password for restoring a configuration file from an external USB disk
execute restore config usb-mode  Load config file from USB disk and reboot.
        {Enter}|{passwd}   Optional password to protect.

Load a firmware image from flash
execute restore image flash  Restore image from flash.
        {revision}   Image revision ID on flash.

Load a firmware image from an FTP server
execute restore image ftp  Load image from FTP server.
        {string}   Image file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load a firmware image from a management station (PC)
execute restore image management-station  Restore image from Management station.
        {string}   Image ID on the server.

Load a firmware image from a TFTP server
execute restore image tftp  Restore image from TFTP server.
        {string}   Image file name on the TFTP server.
            {ip}   IP address.

Load a firmware image from an external USB disk
execute restore image usb  Restore image from USB disk.
        {string}   Image file name on the USB disk.

Install an IPS update from an FTP server
execute restore ips ftp  Restore IPS database from FTP server.
        {string}   IPS data base file name (path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Install an IPS update from a TFTP server
execute restore ips tftp  Restore IPS database from TFTP server.
        {string}   IPS database file name on the TFTP server.
            {ip}   IP address.

Install user defined IPS signatures from an FTP server
execute restore ipsuserdefsig ftp  Restore user-defined ips signatures file from FTP server.
        {string}   User-defined ips signatures file on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Install user defined IPS signatures from a TFTP server
execute restore ipsuserdefsig tftp  Restore user defined IPS signatures file from TFTP server.
        {string}   File name on the TFTP server.
            {ip}   IP address of TFTP server.

Update FortiGuard packages from an FTP server

You can update the internet service database and other FortiGuard package files.

execute restore other-objects ftp  Restore other FortiGuard packages from FTP server.
	Current support: Internet-service Database Apps/Maps and URL White List.
        {string}   Other FortiGuard package file name on the FTP server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Update FortiGuard packages from a TFTP server

You can update the internet service database and other FortiGuard package files.

execute restore other-objects tftp  Restore other FortiGuard packages from TFTP server.
	Current support: Internet-service Database Apps/Maps and URL White List.
        {string}   Other FortiGuard package file name on the TFTP server.
            {ip}   IP address.

Load script from an FTP server
execute restore script ftp  Load script from FTP server.
        {string}   Script on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

View last restored script
execute restore script lastlog  Read the result of last restored script.

Load script from an SCP server to the firewall
execute restore script scp  Load script from SCP server to firewall.
        {string}   File name on the SCP server.
            {ip}   IP address.
                {user}   User name.
                    {Enter}|{passwd}   Enter or input password.

Load script from a TFTP server to the firewall
execute restore script tftp  Load script from TFTP server to firewall.
        {string}   File name on the TFTP server.
            {ip}   IP address.
                {Enter}|{passwd}   Password may be needed to restore.

Load a backup firmware image from an FTP server
execute restore secondary-image ftp  Load image from FTP server.
        {string}   Image file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load a backup firmware image from a TFTP server
execute restore secondary-image tftp  Restore image from TFTP server.
        {string}   Image file name on the TFTP server.
            {ip}   IP address.

Load a backup firmware image from an external USB disk
execute restore secondary-image usb  Restore image from USB disk.
        {string}   Image file name on the USB disk.

Load source visibility signatures from an FTP server
execute restore src-vis ftp  Source visibility signatures from the FTP server.
        {string}   Source visibility signatures on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load source visibility signatures from a TFTP server
execute restore src-vis tftp  Restore source visibility signatures from TFTP server.
        {string}   Source visibility signature file name on the TFTP server.
            {ip}   IP address.

Download a VM license file from an FTP server
execute restore vmlicense ftp  Restore VM license from FTP server.
        {string}   VM license file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Download a VM license file from a TFTP server
execute restore vmlicense tftp  restore VM license from tftp server
        {string}   VM license file name on the tftp server
            {ip}   IP address.

Example

This example shows how to upload a configuration file from a TFTP server to the FortiGate unit and restart the FortiGate unit with this configuration. The name of the configuration file on the TFTP server is backupconfig. The IP address of the TFTP server is 192.168.1.23.

execute restore config tftp backupconfig 192.168.1.23

restore

Use this command to:

  • restore the configuration from a file
  • change the FortiGate firmware
  • change the FortiGate backup firmware
  • restore an IPS custom signature file

When virtual domain configuration is enabled (in system global, vdom-admin is enabled), the content of the backup file depends on the administrator account that created it.

A backup of the system configuration from the super admin account contains the global settings and the settings for all of the VDOMs. Only the super admin account can restore the configuration from this file.

A backup file from a regular administrator account contains the global settings and the settings for the VDOM to which the administrator belongs. Only a regular administrator account can restore the configuration from this file.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

execute restore script ftp

execute restore script lastlog

execute restore script scp

execute restore script tftp

New execute commands.

Syntax

Update the antivirus database from an FTP server

Update the antivirus database on the FortiGate by downloading it from an FTP server.

execute restore av ftp  Restore antivirus database from FTP server.
        {string}   Antivirus data base file name (path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Update the antivirus database from a TFTP server

Update the antivirus database on the FortiGate by downloading it from a TFTP server.

execute restore av tftp  Restore antivirus database from TFTP server.
        {string}   Antivirus database file name on the TFTP server.
            {ip}   IP address.

Load a configuration file from a DHCP server
execute restore config dhcp  Load config file via DHCP.
        {port}   Port to be DHCP client.
            {Enter} | {vlanid}   Enter or specify VLAN ID to create a VLAN on the <port>.

Load a configuration file from flash

Restore the specified revision of the system configuration from the flash disk.

execute restore config flash  Load config file from flash to firewall.
        {revision}   Revision ID on the flash.

Load a configuration file from an FTP server

Restore the system configuration from an FTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.

If the backup file was created with a password, you must specify the password.

execute restore config ftp  Load config file from FTP server.
        {string}   Configure file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.
                        {Enter}|{passwd}   Password may be needed to restore.

Load a configuration file from a management station (PC)
execute restore config management-station normal  Load normal config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration management script from a management station (PC)
execute restore config management-station script  Load script config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration file template from a management station (PC)
execute restore config management-station template  Load template config file from management station to firewall.
        {revision}   Revision to retrieve, or enter '0' to get latest revision list.

Load a configuration file from a TFTP server

Restore the system configuration from a TFTP server. The new configuration replaces the existing configuration, including administrator accounts and passwords.

If the backup file was created with a password, you must specify the password.

execute restore config tftp  Load config file from TFTP server to firewall.
        {string}   File name on the TFTP server.
            {ip}   IP address.
                {Enter}|{passwd}   Password may be needed to restore.

Load a configuration file from an external USB disk
execute restore config usb  Load config file from USB disk to firewall.
        {string}   File name on USB disk.
            {Enter}|{passwd}   Password may be needed to restore.

Specify the password for restoring a configuration file from an external USB disk
execute restore config usb-mode  Load config file from USB disk and reboot.
        {Enter}|{passwd}   Optional password to protect.

Load a firmware image from flash
execute restore image flash  Restore image from flash.
        {revision}   Image revision ID on flash.

Load a firmware image from an FTP server
execute restore image ftp  Load image from FTP server.
        {string}   Image file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load a firmware image from a management station (PC)
execute restore image management-station  Restore image from Management station.
        {string}   Image ID on the server.

Load a firmware image from a TFTP server
execute restore image tftp  Restore image from TFTP server.
        {string}   Image file name on the TFTP server.
            {ip}   IP address.

Load a firmware image from an external USB disk
execute restore image usb  Restore image from USB disk.
        {string}   Image file name on the USB disk.

Install an IPS update from an FTP server
execute restore ips ftp  Restore IPS database from FTP server.
        {string}   IPS data base file name (path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Install an IPS update from a TFTP server
execute restore ips tftp  Restore IPS database from TFTP server.
        {string}   IPS database file name on the TFTP server.
            {ip}   IP address.

Install user defined IPS signatures from an FTP server
execute restore ipsuserdefsig ftp  Restore user-defined ips signatures file from FTP server.
        {string}   User-defined ips signatures file on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Install user defined IPS signatures from a TFTP server
execute restore ipsuserdefsig tftp  Restore user defined IPS signatures file from TFTP server.
        {string}   File name on the TFTP server.
            {ip}   IP address of TFTP server.

Update FortiGuard packages from an FTP server

You can update the internet service database and other FortiGuard package files.

execute restore other-objects ftp  Restore other FortiGuard packages from FTP server.
	Current support: Internet-service Database Apps/Maps and URL White List.
        {string}   Other FortiGuard package file name on the FTP server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Update FortiGuard packages from a TFTP server

You can update the internet service database and other FortiGuard package files.

execute restore other-objects tftp  Restore other FortiGuard packages from TFTP server.
	Current support: Internet-service Database Apps/Maps and URL White List.
        {string}   Other FortiGuard package file name on the TFTP server.
            {ip}   IP address.

Load script from an FTP server
execute restore script ftp  Load script from FTP server.
        {string}   Script on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

View last restored script
execute restore script lastlog  Read the result of last restored script.

Load script from an SCP server to the firewall
execute restore script scp  Load script from SCP server to firewall.
        {string}   File name on the SCP server.
            {ip}   IP address.
                {user}   User name.
                    {Enter}|{passwd}   Enter or input password.

Load script from a TFTP server to the firewall
execute restore script tftp  Load script from TFTP server to firewall.
        {string}   File name on the TFTP server.
            {ip}   IP address.
                {Enter}|{passwd}   Password may be needed to restore.

Load a backup firmware image from an FTP server
execute restore secondary-image ftp  Load image from FTP server.
        {string}   Image file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load a backup firmware image from a TFTP server
execute restore secondary-image tftp  Restore image from TFTP server.
        {string}   Image file name on the TFTP server.
            {ip}   IP address.

Load a backup firmware image from an external USB disk
execute restore secondary-image usb  Restore image from USB disk.
        {string}   Image file name on the USB disk.

Load source visibility signatures from an FTP server
execute restore src-vis ftp  Source visibility signatures from the FTP server.
        {string}   Source visibility signatures on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Load source visibility signatures from a TFTP server
execute restore src-vis tftp  Restore source visibility signatures from TFTP server.
        {string}   Source visibility signature file name on the TFTP server.
            {ip}   IP address.

Download a VM license file from an FTP server
execute restore vmlicense ftp  Restore VM license from FTP server.
        {string}   VM license file name(path) on the remote server.
            {ftp server}[:ftp port]   FTP server IP or FQDN, can be attached with port.
                {Enter}|{user}   FTP username may be needed.
                    {passwd}   FTP password.

Download a VM license file from a TFTP server
execute restore vmlicense tftp  restore VM license from tftp server
        {string}   VM license file name on the tftp server
            {ip}   IP address.

Example

This example shows how to upload a configuration file from a TFTP server to the FortiGate unit and restart the FortiGate unit with this configuration. The name of the configuration file on the TFTP server is backupconfig. The IP address of the TFTP server is 192.168.1.23.

execute restore config tftp backupconfig 192.168.1.23