Configuration backups and reset
You can use the GUI or CLI to back up the configuration in FortiProxy format. You have the option to save the configuration file in FortiProxy format to various locations including the local PC, USB key, FTP, and TFTP server. FTP and TFTP are only configurable through the CLI.
Backing up and restoring configurations from the GUI
Configurations can be backed up using the GUI to your PC or a USB disk.
| Field | Description |
|---|---|
| Scope | When the FortiProxy is in multi-vdom mode and a user is logged in as a global administrator. |
| Backup to | You can choose where to save the configuration backup file. You can also back up to FortiManager using the CLI. |
| File format | The configuration file can be saved in FortiProxy format. |
| Encryption | Enable Encryption to encrypt the configuration file. A configuration file cannot be restored on the FortiProxy without a set password. Encryption must be enabled on the backup file to back up VPN certificates. Encryption is performed using AES-GCM algorithm. |
Restoring configuration files from the GUI
Configuration files can be used to restore the FortiProxy to a previous configuration in the Restore System Configuration page.
To restore the FortiProxy configuration using the GUI:
- Click on the user name in the upper right-hand corner of the screen and select Configuration > Restore.
- Identify the source of the configuration file to be restored: your Local PC or a USB Disk.
  The USB Disk option will not be available if no USB drive is inserted in the USB port. You can restore from the FortiManager using the CLI.
- Click Upload, locate the configuration file, and click Open.
- Enter the password if required.
- Click OK.
Backing up and restoring configurations from the CLI
Configuration backups in the CLI are performed using the execute backup commands and can be backed up in FortiProxy format.
Configuration files can be backed up to various locations depending on the command:
- flash: Back up the configuration file to the flash drive.
- ftp: Back up the configuration file to an FTP server.
- management-station: Back up the configuration file to a management station, such as FortiManager or FortiGate Cloud.
- sftp: Back up the configuration file to an SFTP server.
- tftp: Back up the configuration file to a TFTP server.
- usb: Back up the configuration file to an external USB drive.
- usb-mode: Back up the configuration file for USB mode.
| Command | Description |
|---|---|
| | Back up the configuration in FortiProxy format. Backup your configuration file to: |
| | Backup the configuration, including backups of default configuration settings. Backup your configuration file to: |
To back up the configuration using the CLI:
For FTP, note that the port number and username are optional, depending on the FTP site:
# execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<backup_password>]
or for TFTP:
# execute backup config tftp <backup_filename> <tftp_servers> [<backup_password>]
or for SFTP:
# execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<backup_password>]
or:
# execute backup config management-station <comment>
or:
# execute backup config usb <backup_filename> [<backup_password>]
Use the same commands to back up a VDOM configuration by first entering the commands:
config vdom
edit <vdom_name>
See Backing up and restoring configurations in multi VDOM mode for more information.
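An added example, not Fortinet code: a Python check that scans a runbook or automation script for the execute backup config forms shown above and flags backups written without a backup password, marking separately those sent over FTP or TFTP, which do not encrypt the transfer. It assumes the arguments are strictly positional as in the syntax above; the function name, sample file names, addresses and secrets are constructed for illustration.

```python
import shlex

# Position of the optional <backup_password>, counted after the destination
# keyword, per the syntax above (assumes strictly positional arguments).
BACKUP_PASSWORD_INDEX = {"ftp": 4, "tftp": 2, "sftp": 4, "usb": 1}
# FTP and TFTP do not encrypt the transfer itself.
CLEARTEXT_TRANSPORTS = {"ftp", "tftp"}

# Constructed sample runbook; file names, addresses and secrets are made up.
SAMPLE_RUNBOOK = """\
# execute backup config tftp fpx-weekly.conf 192.0.2.10
# execute backup config ftp fpx-weekly.conf 192.0.2.20:2121 backupsvc ftp-secret
# execute backup config sftp fpx-weekly.conf 192.0.2.30 backupsvc sftp-secret file-secret
# execute backup config usb fpx-weekly.conf
# execute backup config management-station "weekly backup"
"""


def audit_backup_commands(script_text):
    """Return (line_number, destination, issue) for each unencrypted backup."""
    findings = []
    for number, raw in enumerate(script_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw.lstrip("# "))
        except ValueError:  # unbalanced quotes: not a command we can parse
            continue
        if len(tokens) < 4 or tokens[:3] != ["execute", "backup", "config"]:
            continue
        destination, args = tokens[3], tokens[4:]
        index = BACKUP_PASSWORD_INDEX.get(destination)
        if index is None:  # flash and management-station take only a comment
            continue
        if len(args) > index:  # a backup password is present: file is encrypted
            continue
        if destination in CLEARTEXT_TRANSPORTS:
            issue = "unencrypted backup sent over a cleartext protocol"
        else:
            issue = "backup file is not encrypted"
        findings.append((number, destination, issue))
    return findings


if __name__ == "__main__":
    for finding in audit_backup_commands(SAMPLE_RUNBOOK):
        print(finding)
```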
Restoring configuration files from the CLI
Configuration files can be used to restore the FortiProxy using the CLI.
| Command | Description |
|---|---|
| | Restore a configuration that is in FortiProxy format. The file format is automatically detected when it is being restored. Configurations can be loaded from: |
To restore the FortiProxy configuration using the CLI:
For FTP, note that the port number and username are optional, depending on the FTP site:
# execute restore config ftp <backup_filename> <ftp_server>[<:port>] [<user_name>] [<password>] [<backup_password>]
or for TFTP:
# execute restore config tftp <backup_filename> <tftp_server> [<backup_password>]
For restoring the configuration from FortiManager or FortiGate Cloud:
# execute restore config management-station normal <revision ID>
or:
# execute restore config usb <backup_filename> [<backup_password>]
The FortiProxy will load the configuration file and restart. Once the restart has completed, verify that the configuration has been restored.
Troubleshooting
When restoring a configuration, errors may occur, but the solutions are usually straightforward.
| Error message | Reason and Solution |
|---|---|
| Configuration file error | This error occurs when attempting to upload a configuration file that is incompatible with the device. This may be due to the configuration file being for a different model or being saved from a different version of firmware. Solution: Upload a configuration file that is for the correct model of FortiProxy device and the correct version of the firmware. |
| Invalid password | When the configuration file is saved, it can be protected by a password. The password entered during the upload process does not match the one associated with the configuration file. Solution: Use the correct password if the file is password protected. |
Configuration revision
You can manage multiple versions of configuration files on models that have 512 MB of flash memory or more. Revision control requires either a configured central management server or the local hard drive, if your FortiProxy has this feature. Typically, configuration backup to the local drive is not available on lower-end models.
Central management server
The central management server can either be a FortiManager unit or FortiGate Cloud.
If central management is not configured on your FortiProxy, a message appears instructing you to either enable central management, or obtain a valid license.
To enable central management from the GUI:
- Go to Security Fabric > Fabric Connectors and double-click the Central Management card.
- Set the Status to Enabled and select a Type.
- Click OK.
To enable central management from the CLI:
config system central-management
set type {fortimanager | fortiguard}
set mode backup
set fmg <IP address>
end
To back up to the management server:
# execute backup config management-station <comment>
To view a backed up revision:
# execute restore config management-station normal 0
To restore a backed up revision:
# execute restore config management-station normal <revision ID>
Backing up to a local disk
When revision control is enabled on your FortiProxy unit, and configuration backups have been made, a list of saved revisions of those backed-up configurations appears.
Configuration backup occurs by default with firmware upgrades but can also be configured to occur every time you log out.
To configure configuration backup when logging out:
config system global
set revision-backup-on-logout enable
end
To manually force backup:
# execute backup config flash <comment>
Configuration revisions are viewed by clicking on the user name in the upper right-hand corner of the screen and selecting Configuration > Revisions.
To view a list of revisions backed up to the disk from the CLI:
# execute revision list config
To restore a configuration from the CLI:
# execute restore config flash <revision ID>
Restore factory defaults
There may be a need to reset the FortiProxy to its original defaults; for example, to begin with a fresh configuration. There are two options when restoring factory defaults:
| Command | Description |
|---|---|
| # execute factoryreset | Reset the device to factory default configuration. The firmware version and antivirus and IPS attack definitions are not changed. |
| # execute factoryreset2 | Reset to factory default configuration without losing management access to the FortiProxy. Interface and VDOM configurations, as well as the firmware version and antivirus and IPS attack definitions, are not changed. |
Secure file copy
You can also back up and restore your configuration using Secure File Copy (SCP). See How to download a FortiGate configuration file and upload firmware file using secure file copy (SCP).
You enable SCP support using the following command:
config system global
set admin-scp enable
end
For more information about this command and about SCP support, see config system global.