Backing up and restoring the configuration
You use the backup procedure to save a copy of the configuration. The backup file is a text file named fadc_system.conf.
The backup feature has a few basic uses:
Saving the configuration as CLI commands that a co-worker or Fortinet support can use to help you resolve issues with misconfiguration.
Restoring the system to a known functional configuration.
Creating a template configuration you can edit and then load into another system using the restore procedure.
Complete configuration backups include:
The complete configuration.
X.509 certificates and private keys.
In the event that FortiADC experiences hardware failure, being able to restore the entire backup configuration minimizes the time to reconfigure a replacement.
Configuration backups do not include:
Data such as logs and reports
The uploaded file that contains a custom error page used by a virtual server
 
Backup files include sensitive information, such as HTTPS certificate private keys. We strongly recommend that you password-encrypt backup files and store them in a secure location.
Before you begin:
If you are restoring a configuration, you must know its management interface configuration in order to access the web UI after the restore procedure is completed. Open the configuration file and make note of the IP address and network requirements for the management interface (port1). You also must know the administrator username and password.
You must have Read-Write permission for System settings.
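The pre-restore check described above can be scripted. The following is an added example, not Fortinet code: it reads the port1 settings out of a backup file and reports whether the file carries PEM private-key blocks. It assumes the backup uses the FortiOS-style "config / edit / set" layout; the certificate section, its key names, and all values in the sample are constructed placeholders.

```python
import re

# Constructed sample in the assumed "config / edit / set" layout.
# The certificate section and its key names are hypothetical placeholders.
SAMPLE_BACKUP = '''\
config system interface
  edit "port1"
    set ip 192.0.2.10/24
    set allowaccess https ping ssh
  next
  edit "port2"
    set ip 198.51.100.1/24
  next
end
config system certificate local
  edit "site-cert"
    set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
(constructed placeholder, not key material)
-----END ENCRYPTED PRIVATE KEY-----"
  next
end
'''

PEM_KEY = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*)PRIVATE KEY-----")

def interface_settings(text, name="port1"):
    """Return the 'set' options of one entry under 'config system interface'."""
    section, entry, found = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
        elif line == "end":
            section = entry = None
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line == "next":
            entry = None
        elif (line.startswith("set ") and section == "system interface"
              and entry == name):
            key, _, value = line[len("set "):].partition(" ")
            found[key] = value
    return found

def private_key_headers(text):
    """List the PEM private-key block types present in the backup text."""
    return [(m.group(1) + "PRIVATE KEY").strip() for m in PEM_KEY.finditer(text)]

if __name__ == "__main__":
    print(interface_settings(SAMPLE_BACKUP), private_key_headers(SAMPLE_BACKUP))
```

A non-empty result from private_key_headers means the file should be handled as key material: keep it off shared storage and out of e-mail or ticket attachments.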
To back up or restore the system configuration:
1. Go to System > Settings.
2. Click the Maintenance tab.
3. Scroll to the Backup & Restore section, and complete the actions described in Table 50.
Table 50: Backup and restore configuration

| Actions | Guidelines |
|---|---|
| Backup | |
| Back Up | Select this option to back up the configuration. |
| Back Up Entire Configuration | Select this option to include X.509 certificates and private keys. |
| Restore | |
| Restore (option) | Select this option to restore a previous configuration. |
| Restore File | Click Browse to locate the file. |
| Restore (button) | Click the Restore button to start the restore procedure. |

Your web browser uploads the configuration file and the system restarts with the new configuration. Time required to restore varies by the size of the file and the speed of your network connection.
Your web UI session is terminated when the system restarts. To continue using the web UI, refresh the web page and log in again.
If the restored system has a different management interface configuration than the previous configuration, you must access the web UI using the new management interface IP address.
To back up the configuration using the CLI to a TFTP server:
1. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)
 
Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, turn off tftpd immediately when you are done.
2. Log in to the CLI as the admin administrator using either the local console, the CLI Console widget in the web UI, or an SSH or Telnet connection.
Other administrator accounts do not have the required permissions.
3. Enter the following command:
execute backup full-config tftp <file-name_str> <server_ipv4>
where:
<file-name_str>
Filename of the backup.
<server_ipv4>
IP address of the server.
For example, the following command backs up a FortiADC 200D’s configuration file to a file named FortiADC-200d.conf in the current directory on the TFTP server 192.0.2.1, encrypting the backup file using the salt string P@ssw0rd1:
exec backup full-config FortiADC-200d.conf tftp 192.0.2.1 P@ssw0rd1