Administration Guide

How to restore a backup configuration file with private-data-encryption enabled Example

In this topic, we demonstrate how to restore a backup configuration file with private-data-encryption enabled when the FortiPAM device is factory reset or replaced due to hardware failure.

Here, private-data-encryption is enabled with 0123456789abcdef0123456789abcdef as the private key.

To restore a backup configuration file:
  1. In the CLI console, enter the following commands to enable private-data-encryption:
     config system global
      set private-data-encryption enable
     end
     Please type your private data encryption key (32 hexadecimal numbers):
      0123456789abcdef0123456789abcdef
     Please re-enter your private data encryption key (32 hexadecimal numbers) again:
      0123456789abcdef0123456789abcdef
     Private data encryption key is accepted.
  2. To back up and restore configuration files, see Backup and restore.

    If the FortiPAM device is accidentally factory reset or suffers a hardware failure, restoring the backed-up configuration file does not retrieve all the previously encrypted passwords.

    The following shows the configuration file error when booting up:

    Initializing firewall...
    System is starting...
    The config file may contain errors,
    Please see details by the command 'diagnose debug config-error-log read'
  3. To restore the configuration on factory reset or on a new FortiPAM device, you must set the private key prior to restoring the configuration file:
      config system global
       set private-data-encryption enable
      end
      Please type your private data encryption key (32 hexadecimal numbers):
      0123456789abcdef0123456789abcdef
      Please re-enter your private data encryption key (32 hexadecimal numbers) again:
      0123456789abcdef0123456789abcdef
  4. The private data encryption key is accepted.

    When this private data encryption key is entered, the configuration file is restored.
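
The key shown in this topic is a published example value, so a production key should be generated randomly and checked before it is typed at the prompt. The following Python code is an added example, not part of the Fortinet guide: it generates a 32-hexadecimal-digit key and validates a candidate key. The function names and the weak-key heuristics are assumptions made for illustration.

```python
import re
import secrets

# Example key printed in this guide; it is public, so it should never
# protect a real configuration backup.
DOC_EXAMPLE_KEY = "0123456789abcdef0123456789abcdef"

# Format the CLI prompt asks for: exactly 32 hexadecimal digits.
KEY_RE = re.compile(r"[0-9a-fA-F]{32}")


def generate_key() -> str:
    """Return 32 hexadecimal digits (128 bits) from the OS CSPRNG."""
    return secrets.token_hex(16)


def check_key(key: str) -> list[str]:
    """Return a list of problems; an empty list means the key passed.

    The pattern checks below are illustrative heuristics (assumptions),
    not rules enforced by the FortiPAM CLI.
    """
    if not KEY_RE.fullmatch(key):
        return ["key must be exactly 32 hexadecimal digits"]
    k = key.lower()
    problems = []
    if k == DOC_EXAMPLE_KEY:
        problems.append("key is the published documentation example")
    if k[:16] == k[16:]:
        problems.append("second half repeats the first half")
    if len(set(k)) < 8:
        problems.append("fewer than 8 distinct digits")
    return problems


if __name__ == "__main__":
    candidate = generate_key()
    print("generated key:", candidate)
    print("problems:", check_key(candidate) or "none")
    print("doc example:", check_key(DOC_EXAMPLE_KEY))
```

Store the generated key separately from the backup file, since the backup cannot be fully restored on a reset or replacement device without it.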
