Chapter 5 – Best Practices

Performing a configuration backup

Once you configure the FortiGate unit and it is working correctly, it is extremely important that you backup the configuration. In some cases, you may need to reset the FortiGate unit to factory defaults or perform a TFTP upload of the firmware, which will erase the existing configuration. In these instances, the configuration on the device will have to be recreated, unless a backup can be used to restore it.

It is also recommended that once any further changes are made that you backup the configuration immediately, to ensure you have the most current configuration available. Also, ensure you backup the configuration before upgrading the FortiGate unit’s firmware. Should anything happen during the upgrade that changes the configuration, you can easily restore the saved configuration.

Always backup the configuration and store it on the management computer or off-site. You have the option to save the configuration file to various locations including the local PC, USB key, FTP and TFTP site.The latter two are configurable through the CLI only.

If you have VDOMs, you can back up the configuration of the entire FortiGate unit or only a specific VDOM. Note that if you are using FortiManager or FortiCloud, full backups are performed and the option to backup individual VDOMs will not appear.


To back up the FortiGate configuration – web-based manager:

1. Go to Dashboard.

2. On the System Information widget, select Backup next to System Configuration.

3. Select to backup to your Local PC or to a USB Disk.

The USB Disk option will be grayed out if no USB drive is inserted in the USB port. You can also backup to the

FortiManager using the CLI.

4. If VDOMs are enabled, select to backup the entire FortiGate configuration (Full Config) or only a specific VDOM

configuration (VDOM Config).

5. If backing up a VDOM configuration, select the VDOM name from the list.

6. Select Encrypt configuration file.

Encryption must be enabled on the backup file to back up VPN certificates.

7. Enter a password and enter it again to confirm it. You will need this password to restore the file.

8. Select Backup.

9. The web browser will prompt you for a location to save the configuration file. The configuration file will have a .conf extension.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.