Created on 02-18-2010 07:43 AM Edited on 12-16-2021 04:55 PM By Anonymous
Description
This article explains the utilization of the "execute backup config" and the "execute backup full-config" and the expected output available in the saved configuration files.
Scope
All FortiOS versions
Solution
When performing an "execute backup" of the configuration file on the FortiGate, there are 2 ways this file can be saved either as a "config" or as a "full-config".
The difference can be described in the following way:
When navigating on the CLI, if you were to perform a "show config" this will show the configuration in its basic format, however performing the "show full-config" you are effectively asking the FortiGate to show everything including the default values:-
show full = show + default values
This can also be true of the way the FortiGate saves the configuration files within the 2 scenarios either as a "config" or a "full-config", the "full-config" will include also all default values within the saved file.
For example here below we save a full-config file from a device via ftp to a ftp server:-
FGT200A-1 # execute backup full-config ftp fgt.200A_full.conf 192.168.183.2 fortinet fortinet
Please wait... Please wait... Connect to ftp server 192.168.183.2 ... Send config file to ftp server OK. |
Previously as an "execute backup config" was performed we can compare the output from 2 sub-menus for a protection profile "unfiltered", this is the excerpts from the "execute backup config" and "exec backup full-config"
"execute backup config"
edit "unfiltered" config log set log-web-ftgd-err enable end set ftp no-content-summary set http no-content-summary set https no-content-summary set imap fragmail no-content-summary set pop3 fragmail no-content-summary set smtp fragmail no-content-summary splice set nntp no-content-summary config app-recognition edit "http" set port 80 next edit "https" set port 443 next edit "smtp" set port 25 next edit "pop3" set port 110 next edit "imap" set port 143 next edit "nntp" set port 119 next edit "ftp" set port 21 next end unset im unset http-post-lang set ftgd-wf-options strict-blocking set ftgd-wf-https-options strict-blocking next end |
"execute backup full-config"
edit "unfiltered" set webbwordthreshold 10 set spambwordthreshold 10 set httpoversizelimit 10 set ftpoversizelimit 10 set imapoversizelimit 10 set pop3oversizelimit 10 set smtpoversizelimit 10 set imoversizelimit 10 set nntpoversizelimit 10 config log set log-app-ctrl disable set log-av-block disable set log-av-oversize disable set log-av-virus disable set log-dlp disable set log-ips disable set log-spam disable set log-web-content disable set log-web-filter-activex disable set log-web-filter-applet disable set log-web-filter-cookie disable set log-web-ftgd-err enable set log-web-invalid-domain enable set log-web-url disable end set ftp no-content-summary set http no-content-summary set https no-content-summary set http-retry-count 0 set imap fragmail no-content-summary set pop3 fragmail no-content-summary set smtp fragmail no-content-summary splice set smtp-spamaction discard set smtp-spamtagtype subject spaminfo set smtp-spamtagmsg "Spam" set smtp-spamhdrip disable set smtp-spam-localoverride disable set pop3-spamaction tag set pop3-spamtagtype subject spaminfo set pop3-spamtagmsg "Spam" set nac-quar-infected none set imap-spamaction tag set imap-spamtagtype subject spaminfo set imap-spamtagmsg "Spam" set filepattable 0 set webbwordtable 0 set weburlfiltertable 0 set spambwordtable 0 set spamemaddrtable 0 set spamipbwltable 0 set spammheadertable 0 set spamrbltable 0 set spamiptrusttable 0 set content-header-list 0 set nntp no-content-summary set ips-sensor-status disable set application-list-status disable config app-recognition edit "http" set inspect-all disable set port 80 next edit "https" set inspect-all disable set port 443 next edit "smtp" set inspect-all disable set port 25 next edit "pop3" set inspect-all disable set port 110 next edit "imap" set inspect-all disable set port 143 next edit "nntp" set inspect-all disable set port 119 next edit "ftp" set inspect-all disable set port 21 next end set mailsig-status disable set mail-sig '' unset im set comment '' set dlp-sensor-table '' unset http-post-lang set replacemsg-group "default" set httpcomfortinterval 10 set ftpcomfortinterval 10 set httpcomfortamount 1 set ftpcomfortamount 1 set httppostaction normal unset safesearch set ftgd-wf-options strict-blocking set ftgd-wf-https-options strict-blocking set ftgd-wf-enable g01 g02 g03 g04 g05 g06 g07 g08 g21 c01 c02 c03 c04 c05 c06 set ftgd-wf-disable g22 set ftgd-wf-allow all unset ftgd-wf-log unset ftgd-wf-ovrd next end |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.