Skip to main content
Juan_Ro_39
Juan_Ro_39
New Member
June 10, 2020
Question

Restoring configuration VDOM file

  • June 10, 2020
  • 1 reply
  • 6818 views

Hello,

 

Does anyone know the behaviour when you only restore a configuration VDOM file?

Wich is the best option to do this?

Does the firewall reboot when you restore a vdom configuration backup?

 

Thank you in advance for your answers.

    1 reply

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    June 10, 2020

    I haven't done this myself before so I was curing to try it with my home 50E, which has a test-vdom.

    At the GUI, it was quite obvious not to reboot because if you choose Global it gives me a warning "would reboot!" while the warning disappear when I choose VDOM. But just in case, I had a console connection while restoring VDOM config.

    It showed nothing on the console and showed "success!" on the GUI.

    Since I didn't do that on root VDOM I didn't experienced any disconnections. But if restoring config is different from the running config, I would expect short down time depending on the changes the restoration executes. Same as when you change something manually.

     

    lobstercreed
    lobstercreed
    New Member
    June 10, 2020

    If I may piggy-back on this, especially since it sounds like Toshi has some experience with this.  What kind of downtime should be expected for restoring a config in general? 

     

    Specifically I am wanting to make some changes that I can't do live due to the references to interfaces and objects, so I want to work it all out in the code and then restore.  However we have applications that rely on connectivity to their databases through the firewall, so downtime needs to be almost nil. 

     

    I've never had any trouble doing normal code upgrades with HA failover, but the documentation says restoring a config causes both units to reboot simultaneously, so I'm thinking that's not going to work?

     

    Thanks! - Daniel  (FortiGate 1500D HA pair running 6.0.9, soon to upgrade to 6.4.1 *fingers crossed*)

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    June 10, 2020

    Daniel,

     

    I didn't have ANY experiences. That's why I tried from my curiosity. My assumptions based on the quick test is it would just override everything top to the bottom literally. So if zero changes, it might be no downtime.  But I would expect PPPoE to drop and re-authenticate, or LACP might need to re-negotiate, and so on. So totally depending on what kind of config it has and changes you make. Again, all of these are my theory, not from my experiences. If you're really worring about the real downtime for specific connections, only way to figure out is to have a small scale test environment to execute restoration.

     

    Toshi

    Terms & ConditionsAccessibility statement