Fortinet black logo

Administration Guide

Backing up and restoring configurations in multi VDOM mode

When a FortiGate is in multi VDOM mode, the configuration can be backed up or restored using the GUI or the CLI. Back up and restoration permissions depend on the VDOM administrator when in multi VDOM mode:

  • A global super_admin can back up and restore the global configuration or the configuration of a specific VDOM.

  • A VDOM administrator of one VDOM can only back up and restore the configuration of the current VDOM.

  • A VDOM administrator of multiple VDOMs can back up and restore the configuration of multiple VDOMs.

To back up the configuration using the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Backup.
  2. Select VDOM for the Scope. The VDOM dropdown menu is displayed.
  3. Select the VDOM you want to back up.
  4. Direct the backup to your Local PC or to a USB Disk.
  5. Enable Encryption.
    Note

    This is recommended to secure your backup configurations and prevent unauthorized parties from reloading your configuration.

  6. Enter a password, and enter it again to confirm it. This password will be required to restore the configuration.
  7. Click OK.
  8. When prompted, select a location on the PC or USB disk to save the configuration file. The configuration file will have a .conf extension.
To restore the FortiGate configuration using the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Restore.
  2. Select VDOM for the Scope. The VDOM dropdown menu is displayed.
  3. Select the VDOM that you want to restore the configuration for.
  4. Identify the source of the configuration file to be restored: your Local PC or a USB Disk.

    The USB Disk option will not be available if no USB drive is inserted in the USB port. You can restore from the FortiManager using the CLI.

  5. Click Upload, locate the configuration file, and click Open.
    Note

    Confirm that the configuration file you are uploading is for the same VDOM selected from the dropdown menu.

  6. Enter the password if required.
  7. Click OK.

Backing up configurations in the CLI

Configuration backups can be performed in the CLI using the execute backup commands. If you are backing up a VDOM configuration instead of the global configuration, first enter the commands:

config vdom
    edit <vdom_name>

Configurations can be backed up in FortiOS and YAML format.

Configuration files can be backed up to various locations depending on the command:

  • flash: Backup the configuration file to the flash drive.
  • ftp: Backup the configuration file to an FTP server.

  • sftp: Backup the configuration file to a SFTP server.

  • tftp: Backup the configuration file to a TFTP server.

  • usb: Backup the configuration file to an external USB drive.

Command

Description

# execute backup config

Back up the configuration in FortiOS format.

Backup your configuration file to:

  • flash

  • ftp

  • sftp

  • tftp

  • usb

# execute backup full-config

Backup the configuration, including backups of default configuration settings.

Backup your configuration file to:

  • ftp

  • sftp

  • tftp

  • usb

# execute backup yaml-config

Backup the configuration in YAML format.

Backup your configuration file to:

  • ftp

  • tftp

To back up the configuration in FortiOS format using the CLI:

For FTP, note that port number and username are optional depending on the FTP site:

config vdom
    edit <vdom_name>
        execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<backup_password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute backup config tftp <backup_filename> <tftp_servers> [<backup_password>]

or for SFTP:

config vdom
    edit <vdom_name>
        execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<backup_password>]

or for an external USB:

config vdom
    edit <vdom_name>
        execute backup config usb <backup_filename> [<backup_password>]
To back up the configuration in YAML format using the CLI:

For FTP:

config vdom
    edit <vdom_name>
        execute backup yaml-config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute backup yaml-config tftp <file_path> <tftp_server>

Restoring configurations in the CLI

Restoring configurations can be performed in the CLI using the execute restore commands. If you are restoring a VDOM configuration instead of the global configuration, first enter the commands:

config vdom
    edit <vdom_name>

When restoring a VDOM configuration, ensure that the configuration file is for the correct VDOM specified.

Command

Description

# execute restore config

Restore a configuration that is in FortiOS format.

Configurations can be loaded from:

  • dhcp: Load the configuration though DHCP.
  • flash: Load the configuration file from flash to firewall.
  • ftp: Load the configuration file from an FTP server.

  • tftp: Load the configuration from a TFTP server.

  • usb: Load the configuration file from an external USB disk to firewall.

# execute restore yaml-config

Restore a configuration that is in YAML format.

Configurations can be loaded from:

  • ftp: Load the configuration file from an FTP server.

  • tftp: Load the configuration from a TFTP server.

To restore the FortiGate configuration in FortiOS format using the CLI:

For FTP, note that port number and username are optional depending on the FTP site:

config vdom
    edit <vdom_name>
        execute restore config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>] [<password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute restore config tftp <file_name> <tftp_server> [<password>]

or for DHCP:

config vdom
    edit <vdom_name>
        execute restore config dhcp <port> [<VLAN_ID>]

or for flash:

config vdom
    edit <vdom_name>
        execute restore config flash <revision_ID>

or for an external USB:

config vdom
    edit <vdom_name>
        execute restore config usb <file_name> [<password>]
To restore configuration files in YAML format:

For FTP:

config vdom
    edit <vdom_name>
        execute restore yaml-config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>] [<password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute restore yaml-config tftp <file_name> <tftp_server> [<password>]

When a FortiGate is in multi VDOM mode, the configuration can be backed up or restored using the GUI or the CLI. Back up and restoration permissions depend on the VDOM administrator when in multi VDOM mode:

  • A global super_admin can back up and restore the global configuration or the configuration of a specific VDOM.

  • A VDOM administrator of one VDOM can only back up and restore the configuration of the current VDOM.

  • A VDOM administrator of multiple VDOMs can back up and restore the configuration of multiple VDOMs.

To back up the configuration using the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Backup.
  2. Select VDOM for the Scope. The VDOM dropdown menu is displayed.
  3. Select the VDOM you want to back up.
  4. Direct the backup to your Local PC or to a USB Disk.
  5. Enable Encryption.
    Note

    This is recommended to secure your backup configurations and prevent unauthorized parties from reloading your configuration.

  6. Enter a password, and enter it again to confirm it. This password will be required to restore the configuration.
  7. Click OK.
  8. When prompted, select a location on the PC or USB disk to save the configuration file. The configuration file will have a .conf extension.
To restore the FortiGate configuration using the GUI:
  1. Click on the user name in the upper right-hand corner of the screen and select Configuration > Restore.
  2. Select VDOM for the Scope. The VDOM dropdown menu is displayed.
  3. Select the VDOM that you want to restore the configuration for.
  4. Identify the source of the configuration file to be restored: your Local PC or a USB Disk.

    The USB Disk option will not be available if no USB drive is inserted in the USB port. You can restore from the FortiManager using the CLI.

  5. Click Upload, locate the configuration file, and click Open.
    Note

    Confirm that the configuration file you are uploading is for the same VDOM selected from the dropdown menu.

  6. Enter the password if required.
  7. Click OK.

Backing up configurations in the CLI

Configuration backups can be performed in the CLI using the execute backup commands. If you are backing up a VDOM configuration instead of the global configuration, first enter the commands:

config vdom
    edit <vdom_name>

Configurations can be backed up in FortiOS and YAML format.

Configuration files can be backed up to various locations depending on the command:

  • flash: Backup the configuration file to the flash drive.
  • ftp: Backup the configuration file to an FTP server.

  • sftp: Backup the configuration file to a SFTP server.

  • tftp: Backup the configuration file to a TFTP server.

  • usb: Backup the configuration file to an external USB drive.

Command

Description

# execute backup config

Back up the configuration in FortiOS format.

Backup your configuration file to:

  • flash

  • ftp

  • sftp

  • tftp

  • usb

# execute backup full-config

Backup the configuration, including backups of default configuration settings.

Backup your configuration file to:

  • ftp

  • sftp

  • tftp

  • usb

# execute backup yaml-config

Backup the configuration in YAML format.

Backup your configuration file to:

  • ftp

  • tftp

To back up the configuration in FortiOS format using the CLI:

For FTP, note that port number and username are optional depending on the FTP site:

config vdom
    edit <vdom_name>
        execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<backup_password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute backup config tftp <backup_filename> <tftp_servers> [<backup_password>]

or for SFTP:

config vdom
    edit <vdom_name>
        execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<backup_password>]

or for an external USB:

config vdom
    edit <vdom_name>
        execute backup config usb <backup_filename> [<backup_password>]
To back up the configuration in YAML format using the CLI:

For FTP:

config vdom
    edit <vdom_name>
        execute backup yaml-config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute backup yaml-config tftp <file_path> <tftp_server>

Restoring configurations in the CLI

Restoring configurations can be performed in the CLI using the execute restore commands. If you are restoring a VDOM configuration instead of the global configuration, first enter the commands:

config vdom
    edit <vdom_name>

When restoring a VDOM configuration, ensure that the configuration file is for the correct VDOM specified.

Command

Description

# execute restore config

Restore a configuration that is in FortiOS format.

Configurations can be loaded from:

  • dhcp: Load the configuration though DHCP.
  • flash: Load the configuration file from flash to firewall.
  • ftp: Load the configuration file from an FTP server.

  • tftp: Load the configuration from a TFTP server.

  • usb: Load the configuration file from an external USB disk to firewall.

# execute restore yaml-config

Restore a configuration that is in YAML format.

Configurations can be loaded from:

  • ftp: Load the configuration file from an FTP server.

  • tftp: Load the configuration from a TFTP server.

To restore the FortiGate configuration in FortiOS format using the CLI:

For FTP, note that port number and username are optional depending on the FTP site:

config vdom
    edit <vdom_name>
        execute restore config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>] [<password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute restore config tftp <file_name> <tftp_server> [<password>]

or for DHCP:

config vdom
    edit <vdom_name>
        execute restore config dhcp <port> [<VLAN_ID>]

or for flash:

config vdom
    edit <vdom_name>
        execute restore config flash <revision_ID>

or for an external USB:

config vdom
    edit <vdom_name>
        execute restore config usb <file_name> [<password>]
To restore configuration files in YAML format:

For FTP:

config vdom
    edit <vdom_name>
        execute restore yaml-config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>] [<password>]

or for TFTP:

config vdom
    edit <vdom_name>
        execute restore yaml-config tftp <file_name> <tftp_server> [<password>]