FortiGate
zeeshan_FTNT
Staff
Article Id 194312

Description

 

This article explains how to use the revision feature in cases of configuration changes to revert back to a configuration previously saved in the FortiGate flash memory.
 
Scope
 
FortiGate.


Solution

 

The FortiGate configuration revision option lets the user keep multiple versions of the configuration file on the device (the device flash memory should be 512 or higher, depending on the size of the configuration). To use this option, the device must have sufficient space in flash memory (check with 'diag sys flash list'). Otherwise, a central management server must be configured. The central management server can be FortiCloud or FortiManager.

When the revision option is enabled on the device, backups of the running FortiGate configuration are made periodically after each change (point 1 below). A list of configuration backups will appear.

The available revisions can be accessed from the GUI as shown below:

[Screenshot: AlexCFTNT_0-1650447608878.png]
 
Alternatively, they can be accessed in the CLI:
 
[Screenshot: AlexCFTNT_1-1650447697032.png]

 

Note that the following commands use 'image' and 'config' revisions.
The image refers to the firmware, while the config is the 'configuration' revision.
 
  1. To enable or disable automatic backup of the config when the firmware is upgraded:

config system global
set revision-image-auto-backup enable
end

  2. To auto-create a configuration revision on logout, execute the following commands in the CLI:

config system global
set revision-backup-on-logout enable
end

[Screenshot: AlexCFTNT_2-1650448202365.png]

  3. To check the configuration revision information:

execute revision list config

  4. To delete a configuration file:

execute revision delete config <revision>

  5. To delete a firmware image file (not the configuration):

execute revision delete image <revision>

  6. To list the configuration files:

execute revision list config
 
This feature can be used to compare the configuration changes and revert the FortiGate back to the previous configuration in case of any configuration loss in the current state.
 
  • The maximum number of revisions that can be stored will depend on the hardware model. Open a ticket with TAC to find the maximum number for a specific model.
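
The comparison mentioned above can also be done offline on two configuration files saved from the device, which is useful when auditing what changed between revisions. The following Python code is an added example, not part of the original article and not a Fortinet tool; it assumes each 'set' value fits on one line, and the two sample revisions and the function names are constructed for illustration.

```python
# Added example, not Fortinet code; assumes one-line 'set' values; samples are constructed.
REV_OLD = """\
config system global
    set revision-backup-on-logout disable
end
config firewall policy
    edit 1
        set action accept
    next
    edit 2
        set name "temp-any"
        set action accept
    next
end
"""
REV_NEW = """\
config system global
    set revision-backup-on-logout enable
    set revision-image-auto-backup enable
end
config firewall policy
    edit 1
        set action accept
    next
end
"""


def flatten(text):
    """Map 'config ... > edit ... > key' paths to the value of each 'set' line."""
    path, settings = [], {}
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word in ("config", "edit"):
            path.append(line)   # entering a table or an entry
        elif word in ("next", "end") and path:
            path.pop()          # leaving the entry or table
        elif word == "set":
            key, _, value = rest.partition(" ")
            settings[" > ".join(path + [key])] = value.strip()
    return settings


def diff_revisions(old_text, new_text):
    """Return (path, old, new) for each differing setting; None means absent."""
    old, new = flatten(old_text), flatten(new_text)
    return [(k, old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)]

if __name__ == "__main__":
    print(*diff_revisions(REV_OLD, REV_NEW), sep="\n")
```

Each tuple names the full path of the setting, so a removed firewall policy entry or a toggled global option is visible without reading either file in full.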

 
