74. Lecture-74:Backup & Restore, Revision & Firmware Upgrade.
Another topic. We have BAKEUP and restore. How we can do BAKEUP and restore in 40 gate firewall makeup is very important, you know, to keep your configuration. You can keep this configuration inside your Firewall and outside either in USB, on hard drive, in any other network area. And you you can take backup through local PC. USB you can take through FTP, you can take them to TFTP FTP and TFTP is only available through CLI and local PC and USB is available through graphically. It’s up to you. So I will show you both graphically as well, ncli as well, how to take FortiGate Firewall backup. So in case if something goes wrong, either firewall is down or something goes wrong.
So you can restore the backup and for everything you have to keep the backup graphically. It’s very easy. When you click on your name on top right at corner and go to configuration, there is backup and stone and revision. First one is to take a backup. There are two options, local PC and USB desk because we are using virtual. So if you did not put USB, it will not show you here. Because we are using virtual, we cannot put USB there. So it’s not showing anything. Encryption means if you want to take VPN, backup certificate as well, encryption like in this case we are using VPN. If you want to make up VPN related things certificate as well, then on this one, encryption and password means to just protect the data.
So whenever somebody try to open this file, when you download so it will ask the password and when somebody upload it will ask the password. So password is for protection and encryption means to keep USBN certificate detail and when you click it will ask you where you want to store your data on your machine. Just tell him where you want to put the file extension will be config this the file extension config and also you can take backup through TFTP and FTP which I will show you. Just execute backup config TFTP and give them any name and rearrange the TFTP server and give them any password they set. And also restore is the same. And also restore can be done through CLI. Execute restore rather than backup, just type restore. For FTP it require a username and password. For Tftpa it doesn’t require username and password. This is the only difference. So now let’s go and do it. So let me log into this powerwall admin one, two, three. Okay, there is no password so admin enter one two, three, n one two, three shoe system interface. So let’s get this IP, let me copy this IP and type in browser admin n one, two, three. Now in this case let me type begin firewall. Okay, in this case it’s my Firewall. And suppose this one is the TFTP server. Either FTP server, either you want to take back up here, either on this system it’s up to you. So go to firewall when you log in. On top right corner there is configuration. Click on backup. Let me see what we have. So our interfaces name are there or not. So my let me give them name when so do some changes and see them and put two let me give them name lane and type the IP 192, 168, 100, suppose anything.
So basically we done two changes lane and vain name. And let me put DNS as well. Suppose I type a dot, a dot eight and one dot, one dot, one dot one suppose now I want to take a backup. Go to configuration backup. And here which I told you local PCR want to encrypt to type the password 123456 suppose and 123456 n. Okay, now it will ask you where you want to store. Here is the file if I click on it. So I store here if I try to open it, so it will be garbage. Yes. Here this the backup. This is the easy way to take a breakup. Now suppose if I tomorrow something I change seven, I change the DNS and by mistake something has gone wrong and lane I put them lane, lane and then something else and I done some changes and something wrong. So what I need to do go to admin system sorry, configuration restore click on upload and where is your download which is and download this one, put that one and put the same password which we typed when we taking backup 123456 N. Okay, it says that we will reboot quickly. It will not take that much time and after reboot it will be late now and DNS will be eight eight eight. Will we take backup in that time DNS was eight eight. Later on I change deliberately to seven, seven, seven and this way it will restore the backup whatever it is there. So when it’s restored, let’s go to this was so easy to restore. We can take backup through CLI as well. For that purpose. I need TFTP server. So I can make this as a TFTP server which I’m connected here. Either I can make this server as a TFTP server either. This one, let me see if we have a TFTP server in this. So we will take here sometime. There is by default any server this one. So we have our TFTP server is there, but FTP is not there. So better to copy quickly. Download. Let me show you here.
So you will see from the scratch. There is three CD one which is all the things. So let me type three C demo application download this three CD one and TFTP is also there. FTP is there so we can use them for any purpose. Okay, so let’s go to this one download save. Okay, so this is Tcdemon. TCD one is a small utility which you can use to make them as a TFTP FTP syslog and for many other purpose. You can use them. You can download from this website. Okay. And after download just click Next. Yes, next and done. That’s it. And my TFTP and everything server is ready. Let me go to where this is received a month. So it’s listening on this IP 100 is IP address of this server. Let me configure TFTP directory. So let me say my directory is let me create a directory here on desktop folder TFTP suppose anything and let’s go to TFTP directory. This is my TFTP directory. I change them to here and also go to FTP and change FTP directory as well. And also choose the same.
So for FTP and TFTP I have the same directory where they will store the things. But FTP require a username as well. Here is the username. Let me type admin and 123456 is the password 123456 OK and allowed them anything to this user. Change directory, allow delete and everything and apply and okay, so far FTP keep in mind FTP is a different protocol. TFTP is different. FTP requires username and password. So I create admin with password 123456 and FTP and I give them same directory. Just the listening port for FTP 21 for TFTP, listening port is 69. So keep open this one. And what is the IP? 100. Now let’s take a backup through one, two, three okay, I restored them. Yeah. Now if you check you will see DNS and those things are restored if I go to network because firewall has started. Now look at this lane and when it’s correct them and also DNS by mistake or type seven, it’s become eight now. So it’s working, means the backup work. Now how to take backup through command base type here execute BAKEUP configuration backup configuration TFTP. Now they say give them a name. Suppose I say backup one BK one suppose next they are asking IP address of TFTP. So this is our TFTP IP. It’s mentioned there. And also you can copy from here 100. This our TFTP server IP which is this server by the way. This one. So I say this. The IP. And next it’s asking the password. Optional password. If you don’t want it’s okay just enter. Let’s see if everything is okay.
So it saved the file there. Let’s go there which directory we gave them? We are okay, receive BK done. It means it received them. Yes, BK is done here. And if we want to open them and note paid. So this is the backup and we can see all the configuration because there is no restriction. So it’s showing everything. So this is the way to take backup through TFTP. But for FTP we need a user. So we already create a user with Edmund and admin. One, two, three let me take a breakup through FTP. Now only thing is to change execute makeup instead of TFTP. Put FTP and let me make this as a two end user, but question mark now is asking user name, it’s not like the other one. So Edmund, we create there and the password for FTP 123456. You remember, we create there and enter and done this. The only differences require a username and password. And if we go here, there will be another file as well. Yes. BK two. So BK Two we done through FTP and BK one, we done backup as a TFTP. And if you go to FTP, there is a file, they say this now, how we can restore them? So let’s do some changes in the firewall. Suppose by mistake I type here nine dot, nine dot, nine and one, one, one and what else? Let me put something. Suppose in address group it a static route. Let me create a static route. By mistake I create a static route, 192-16-8111, whatever, because you need to correct them. 192, 168, 101. Suppose now I say what I’ve done because there is no reverse, something you can delete, but you can use the same command to restore like a graphically, which we restore.
So, let me go to first command TFTP. The only thing you need to instead of makeup, say restore configuration TFTP and our file was I think so BK, let me go to any file. By the way, you can restore the TFTP at BK One is correct. Okay, so BK One from Weir 192, 1600 and enter it, say yes and this is done. Now, if we check, this default route hasn’t to be there, but it requires a reboot. So let’s see, because when I take backup, their time default route was not there. So if my command is working and they restore them properly at their time, default route was not there. So system is rebooting whenever you restore, so it will reboot the system after reboot when you check, so there will be no default route. And the same way you can use FTP to restore. I will show you the command, but I will not apply just to save some time. So we execute this one and take a breakup.
And also you can use FTP as well. It’s up to you which one you want to use. And you can use restore them as well. And also we restore graphically as well. It’s up to you. So it’s login now admin one, two, three and now let’s go and log in. And let’s see. Default route is there or not there and hasn’t to be there. Yeah, static route is not there because it’s been restored in the same case, what you can do, execute restore configuration, sorry, execute restore config FTP. And what was the backup backup to? You can restore backup one as well. And what was the IP? 192 one 6800. But here you need to put the username username is admin, password is 123456 and enter. Yes, it will reboot and it will restore them, but it already restored, so it’s no issue until it’s restore.
Let’s go to discuss another thing which is related here and that is configuration revision configuration revision revision means to check to revision option. You can take revision like a different version. So whenever you need to compare either you want to restore and go back to the other one you can use this method but it’s required minimum 512 or high flash memory in your firewall. Normally it’s there. From here we can take revision go to the same place admin configuration, revision and from there you can take revision, you can differentiate revision, you can revert back, you can check the details, you can delete revision and you can save revision. It’s like a backup copy to take them and whenever you want to go back to the other one, whenever you want to do something take a revision copy before. So let me log in to show you one, two, three so if I click on admin configuration there is third option revision there is no revision save changes. Suppose I save first changes first changes this is my first revision before I am doing something wrong I create a copy like a copy revision copy this one and now let’s go to DNS and change something. Where is Network DNS? So my DNS let’s create a default route. Suppose we don’t have default route. Let me create a default out 192, 100 and 6800 one and okay and now lice create configuration, revision save changes, default route change and okay and so on so whenever you do changes you can take a copy. So this is my first change and their time default route was not there. If you click control and choose both you can differentiate it will show you what is the difference. It will show you the difference. What is the difference between these two? With the red one.
It means you don’t have change something and it will show you. By the way, we’ve done. This one gateway green. Sorry. This one, we add this route and if you want to delete and if you want to check one detail, click on one and you can see the detail of this one. And this one, the detail of the other one. Now let me go to the first change revert n okay so it will revoke and it will take me there. So basically you store the copy inside the firewall and whenever you use some changes before changes, keep a revision copy. So you can go back directly without from restore and do everything but all cases, all three cases you need to reboot. So this is called a revision. Last thing related to here is restore factory default sometime maybe you require to reboot and restore your DeVos device to factory reset means the first win it was nothing configured there. Maybe you have a device you buy from some market and you want to reset to factory default. Either you have an old device and you want to plug them to the network but before plug them in the network, you want to restore them to factory resetting, factory setting. Either, for some reason, something goes wrong and there are many things configure but now you say how I can delete one by one. So rather than to configure 1000 things, why not restore them? So for that purpose, we are using two command. Execute factory reset and execute factory reset. Two there is difference between these two. Execute factory reset.
It will wash out each and everything. It will be fresh. Like whenever it was come out from factory initial but factory reset too it will keep many things like your interface is detailed you know last time I just used it let me show you by the way admin and one, two, three if I log in here you will see my interfaces detail are there and password and everything is set here So let me go to interfaces. So my interface is IP is 100 and here is 100 234 but rest. Of everything I want to delete like a static route and policies and many things let me create a static route quickly 101 suppose interface is when okay? And let me create some DNS and Sdwen and ripen many things policies everything. Suppose you have everything but you just want that delete each and everything. Suppose policies let me create quickly policies as well. Let me create this the policy coming from when source can be all and this should be all and quickly. That’s it. Create addresses, address group, internal Internet service services, scheduled, virtual, so many things configure what you need to do. You want it execute factory reset too. And yes, it means that reset everything. Except system, global Vdomes VDOM detail, system detail and system setting router, static router, all those things. But it will keep interfaces, detail and all those steps so it will reboot. Let them reboot. And if we refresh, we will see. That these things are reset or not because we type factory resetto. Execute factory resetto. Let them restart.
Reset. So these are the two command where you can use through CLI to reset 40 gate firewall. Let’s see if it has come up or not? Okay, just 1 minute. Here it’s login now. And let’s see. Check it. Okay, Admin and one, two, three. Okay, Admin and there is nothing old. Password is nothing new. Is one, two, three new? Is one, two, three. They reset the password. At least one thing is confirmed. Admin and one, two, three, begin. Hostname is also reset. Now let’s see what they’ve done. The other stuff. Look at Interface IPS there. Let’s go. To DNS. DNS is reset. Let’s go to static route. Static route is there. It will keep policy. It will delete. It deleted. So static route, default route, interfaces, detail they will keep nvpn detail they will keep in rest. Everything will be reset. But if you use what factory reset two admin one, two, three. And the last one is execute. Factory reset. It will reset each and everything. Just initial ICA. So I don’t want to put because I want to show you another thing which is firmware. Suppose you want to upgrade your operating system. Now operating system is which one? Dashboard status. We are using firmware version 624 and built as 1112. But we have the latest one. You can download the latest one. If you have a license, go to support 40. Net, login to 40. Net support with your user account, whatever. If you are using and login and download the latest firmware from here go to firmware Images. Download and firmware images go to download. Click on download here choose the product 40 gate which version? We have 6. 24, so let me go to six. They have 2345 and six. Now the latest one is 6. 4. The one which we have 6. 2. I want the latest one 6. 4 somewhere, which is the latest one. Then when I go inside SS 6. 46 twice and no, no, give me the totally the latest one.
And these are the different model firmware. The one which we are using, we are using virtual one. This one VM 64 KVM. So let’s go to control Fkvm. So let’s go to KVM. This one fgvm 16, KVM six. This is the build one. And let me download this one with the extension out. Extension out. This is from where the other one is the install from the scratch. This one the zip one. This one is the so let me download this latest one. Extension is out. Okay, there’s the extension. So I download the latest from where and I want to upgrade. So I went to there and download from here. Now I’m using 6. 24 and now I want to upgrade them. So what I need to do click here and go to update from where and system. So it’s download and download folder. It’s okay, either you can go to System, it’s up to you. Either you can go from somewhere here as well. Let’s show you. But anyway that’s my version. Keep in mind let me take a screenshot of this one because it will upgrade after that one. Print screen and V. Let me take a snipper just for the sake to show you the test change or not. Okay, this one now click on browse and the one which we download this one just downloaded this one and choose that file. They will say it will update and distant blah blah blah. I say backup configuration before you want to upgrade. They said just take a breakup. We already take, but anyway let me take again and click okay, so they take the backup before the upgrade. Okay. And our version was this one 6. 24.
Now you will see it will be the latest up to date operating system. So we will log in there and you backup configure, upgrade and continue. And after that when you check, it will be updated to the latest firmware. So that’s the method. But before you do this practice, you need to check the documentation which things you are using. These are the different model. You know, this is said DSL 160 E 600 D 500 E, one which model you are using. And here is a documentation upgrade. Path is rule documentation and release note as well. You can check both and they will show you step by step guide. This one for every build number and for every documentation. So you have to follow that rule. Then you have to do anyway, let me see if it is updated. So it’s still taking some time and after that you will see it will be up to the latest operating system which we call them Firmware.
Okay, so now let’s go to and just refresh to maybe 34. Okay, estelia has come up here. So Admin and one, two, three and here Edmund. And one, two, three. Hopefully it will be upgraded to the latest one and we can check from here. Okay, so now if you check, this one is 24 and this one become four two. Build number is 1112 and this is 1723 and this is the latest firmware operating system six four two. This is six two four. Keep in mind, don’t be confused. And even in six four two there is many things are changed. 40 view is like this one, so it will change many things like okay, so it’s become a new operating system. And if you go to system Firmware okay, it’s showing here as well. Okay. No firmware available. If you have a license, it will show you here as well. By the way, because this is not a license one. So that’s why it’s not showing here. If you register them with 40 guard, we discuss 40 guard. Yeah, so that’s why. So this was the method how we can.
