Description
This article explains how to use the revision feature in cases of configuration changes to revert back to a configuration previously saved in the FortiGate flash memory.
Scope
FortiGate.
Solution
The FortiGate configuration revision option enables the user to maintain multiple versions of the configuration file on the device (the device flash memory should be 512 or higher, depending on the size of the configuration). To use this option, the device must have sufficient space in Flash memory (diag sys flash list). Otherwise, a central management server must be configured. The central management server could be FortiCloud or FortiManager.
When the revision option is enabled on the device, backups of the running configuration of FortiGate are made periodically after each change (point 1 below). A list of configuration backups will appear.
The available revisions can be accessed from the GUI as shown below:
Note that the following commands use 'image' and 'config' revisions.
When the revision option is enabled on the device, backups of the running configuration of FortiGate are made periodically after each change (point 1 below). A list of configuration backups will appear.
The available revisions can be accessed from the GUI as shown below:
Alternatively, they can be accessed in the CLI:
The image refers to the firmware, while the config is the 'configuration' revision.
- To enable or disable auto-backup of the config when firmware is upgraded:
config system global
set revision-image-auto-backup enable
end
- To auto-create a configuration revision on logout, execute the following commands in the CLI:
config system global
set revision-backup-on-logout enable
end
- To check the available configuration revisions and the associated revision IDs:
execute revision list config
- To delete a configuration file:
execute revision delete config <revision>
- To delete a firmware image file (not the configuration):
execute revision delete image <revision>
This feature can be used to compare the configuration changes and revert the FortiGate back to the previous configuration in case of any configuration loss in the current state.
To compare the configurations, choose the two versions and select the 'Diff' button:
To revert to the previous configuration, choose the correct version and select the 'Revert' button:
Config restoration can also be performed from the CLI using the following command (the Revision ID can be obtained from the output of execute revision list config:(
execute restore config flash <Revision_ID>
The maximum number of revisions that can be stored will depend on the hardware model. Open a ticket with TAC to find the maximum number for a specific model.
Related articles:
