Backing up and restoring configurations in multi VDOM mode
When a FortiGate is in multi VDOM mode, the configuration can be backed up or restored using the GUI or the CLI. Back up and restoration permissions depend on the VDOM administrator when in multi VDOM mode:
-
A global super_admin can back up and restore the global configuration or the configuration of a specific VDOM.
-
A VDOM administrator of one VDOM can only back up and restore the configuration of the current VDOM.
-
A VDOM administrator of multiple VDOMs can back up and restore the configuration of multiple VDOMs.
To back up the configuration using the GUI:
- Click on the user name in the upper right-hand corner of the screen and select Configuration > Backup.
- Select VDOM for the Scope. The VDOM dropdown menu is displayed.
- Select the VDOM you want to back up.
- Direct the backup to your Local PC or to a USB Disk.
- Enable Encryption.
This is recommended to secure your backup configurations and prevent unauthorized parties from reloading your configuration.
- Enter a password, and enter it again to confirm it. This password will be required to restore the configuration.
- Click OK.
- When prompted, select a location on the PC or USB disk to save the configuration file. The configuration file will have a .conf extension.
To restore the FortiGate configuration using the GUI:
- Click on the user name in the upper right-hand corner of the screen and select Configuration > Restore.
- Select VDOM for the Scope. The VDOM dropdown menu is displayed.
- Select the VDOM that you want to restore the configuration for.
- Identify the source of the configuration file to be restored: your Local PC or a USB Disk.
The USB Disk option will not be available if no USB drive is inserted in the USB port. You can restore from the FortiManager using the CLI.
- Click Upload, locate the configuration file, and click Open.
Confirm that the configuration file you are uploading is for the same VDOM selected from the dropdown menu.
- Enter the password if required.
- Click OK.
Backing up configurations in the CLI
Configuration backups can be performed in the CLI using the execute backup
commands. If you are backing up a VDOM configuration instead of the global configuration, first enter the commands:
config vdom edit <vdom_name>
Configurations can be backed up in FortiOS and YAML format.
Configuration files can be backed up to various locations depending on the command:
flash
: Backup the configuration file to the flash drive.-
ftp
: Backup the configuration file to an FTP server. -
sftp
: Backup the configuration file to a SFTP server. -
tftp
: Backup the configuration file to a TFTP server. -
usb
: Backup the configuration file to an external USB drive.
Command |
Description |
---|---|
|
Back up the configuration in FortiOS format. Backup your configuration file to:
|
|
Backup the configuration, including backups of default configuration settings. Backup your configuration file to:
|
|
Backup the configuration in YAML format. Backup your configuration file to:
|
To back up the configuration in FortiOS format using the CLI:
For FTP, note that port number and username are optional depending on the FTP site:
config vdom edit <vdom_name> execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<backup_password>]
or for TFTP:
config vdom edit <vdom_name> execute backup config tftp <backup_filename> <tftp_servers> [<backup_password>]
or for SFTP:
config vdom edit <vdom_name> execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<backup_password>]
or for an external USB:
config vdom edit <vdom_name> execute backup config usb <backup_filename> [<backup_password>]
To back up the configuration in YAML format using the CLI:
For FTP:
config vdom edit <vdom_name> execute backup yaml-config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>]
or for TFTP:
config vdom edit <vdom_name> execute backup yaml-config tftp <file_path> <tftp_server>
Restoring configurations in the CLI
Restoring configurations can be performed in the CLI using the execute restore
command. If you are restoring a VDOM configuration instead of the global configuration, first enter the commands:
config vdom edit <vdom_name>
When restoring a VDOM configuration, ensure that the configuration file is for the correct VDOM specified.
Command |
Description |
---|---|
|
Restore a configuration that is in FortiOS or YAML format. Configurations can be loaded from:
|
To restore the FortiGate configuration in FortiOS or YAML format using the CLI:
For FTP, note that port number and username are optional depending on the FTP site:
config vdom edit <vdom_name> execute restore config ftp <file_path> <ftp_server>[<:port>] [<user_name>] [<FTP password>] [<password>]
or for TFTP:
config vdom edit <vdom_name> execute restore config tftp <file_name> <tftp_server> [<password>]
or for DHCP:
config vdom edit <vdom_name> execute restore config dhcp <port> [<VLAN_ID>]
or for flash:
config vdom edit <vdom_name> execute restore config flash <revision_ID>
or for an external USB:
config vdom edit <vdom_name> execute restore config usb <file_name> [<password>]