FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
zeeshan_FTNT
Staff
Staff
Article Id 194312

Description

 

This article explains how to use the revision feature in case of configuration change to revert back to a configuration previously saved in the FortiGate flash memory.


Solution

 

The FortiGate configuration revision option enables the user to maintain multiple versions of the configuration file on the device (the device flash memory should be 512 or higher, depending on the size of the configuration). To use this option, the device must have sufficient space in Flash memory (diag sys flsh list) otherwise a central management server must be configured. The central management server could be FortiCloud or FortiManager.

When revision option is enabled on the device, backups of the running configuration of FortiGate are made periodically after each change (point 1 below).  A list of configuration backups will appear.

The available revisions can be accessed from GUI as shown: 

AlexCFTNT_0-1650447608878.png
Or in CLI:
AlexCFTNT_1-1650447697032.png

 

Note that the following commands use "image" and "config" revisions.
Image refers to the firmware, while config is the "configuration" revision.
 
1) To enable or disable auto-back up of the config when firmware is upgraded:
config system global
set revision-image-auto-backup enable
end
2) To auto-create a configuration revision on logout, execute the following commands via the CLI
# config system global
# set revision-backup-on-logout enable
# end
AlexCFTNT_2-1650448202365.png

 

3) To check the configuration revision information
execute revision list config
4) To delete a configuration file
execute revision delete config <revision>
5) To delete a firmware image file (not the configuration)
execute revision delete image <revision>
6) To list the configuration files
execute revision list config
This feature can be used to compare the configuration changes and revert back the FortiGate to the previous configuration in case of any configuration loss in current state.

 

Related Articles

Technical Note: What does revision-image-auto-backup do?

Technical Tip: How to save and restore configuration changes using revisions