Backing up and restoring the configuration
You use the backup procedure to save a copy of the configuration. You can create a backup of a specific SPP configuration or the whole system configuration (including all SPPs). The backup file created by the web UI is a text file with the following naming convention: FDD-<serialnumber>-<YYYY-MM-DD>[-SPP<No>]. If you use the CLI to create a backup, you specify the filename.
The backup and restore feature has a few basic uses:
• Restoring the system or an SPP to a known functional configuration.
• Creating an SPP template configuration that you can edit and then import. You must carefully edit the SPP name and ID to avoid issues, and the SPP must exist on the running system before you can import a configuration for it. For example, if you want to import a configuration with the name SPP-2, and ID 2, you must first create an SPP-2 configuration (name and ID) on the running system.
• Saving the configuration as CLI commands that a co-worker or Fortinet support can use to help you resolve issues with misconfiguration.
Note: When you restore an SPP configuration, the SPP traffic statistics and counters are reset.
Before you begin:
• If you are restoring a system configuration, you must know its management interface configuration in order to access the web UI after the restore procedure is completed. Open the configuration file and make note of the IP address and network requirements for the management interface (port1). You also must know the administrator username and password.
• You must have Read-Write permission for System settings.
To backup or restore the system configuration:
1. Go to System > Maintenance > Backup & Restore.
2. Complete the actions described in
Table 77.
Table 77: Backup and restore configuration guidelines
Actions | Guidelines |
Backup |
SPP-Only | To create a backup of a single SPP configuration, select this option and then select the SPP. If this option is not selected, the system creates a backup of the complete configuration. |
Backup (button) | Click the Backup button to start the backup. |
Restore |
SPP-Only | To restore the configuration for a single SPP configuration, select this option and then select the SPP. If this option is not selected, the system processes the update as a complete restore. |
From File | Type the path and backup file name or click Browse to locate the file. |
Restore (button) | Click the Restore button to start the restore procedure. Your web browser uploads the configuration file and the system restarts with the new configuration. The time required to restore varies by the size of the file and the speed of your network connection. Your web UI session is terminated when the system restarts. To continue using the web UI, refresh the web page and log in again. If the restored system has a different management interface configuration than the previous configuration, you must access the web UI using the new management interface IP address. |
To back up the configuration using the CLI to a TFTP server:
1. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as
tftpd (
Windows,
Mac OS X, or
Linux) on your management computer.)
2. Log into the CLI as the admin administrator using either the local console, the CLI Console widget in the web UI, or an SSH or Telnet connection.
Other administrator accounts do not have the required permissions.
3. Use the following command:
execute backup config tftp <filename> <ipaddress> [spp_name]
<filename> | Name of the file to be used for the backup file, such as Backup.conf. |
<ipaddress> | IP address of the TFTP server. |
[spp_name] | Optional. SPP configuration name, for example, SPP-0 or SPP-1. Use this option to back up only the SPP configuration. If you do not specify this option, a backup is created for the complete system configuration. |
The following command creates a backup of the SPP-1 configuration. The backup file is named Backup-SPP-1.conf:
exec backup config tftp Backup-SPP-1.conf 192.0.2.1 SPP-1
To restore a configuration:
• Use the following command:
execute restore config tftp <filename> <ipaddress> [spp_name]
<filename> | Name of the file to be used for the backup file, such as Backup.conf. |
<ipaddress> | IP address of the TFTP server. |
[spp_name] | Optional. SPP configuration name, for example, SPP-0, SPP-1, and so on. Use this option to restore only the SPP configuration. If you do not specify this option, the imported file is regarded as a complete system configuration file. |
For example:
execute restore config tftp Backup-SPP-1.conf 192.0.2.1 SPP-1
| TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn tftpd off immediately after completing this procedure. |
