USG FLEX H Series [Firewall] - how to backup/restore a configuration file

Created - Updated
Serhii Boiarynov
Print Friendly and PDF
Have more questions? Submit a request

This article explores the different types of configuration files found in the USG FLEX H Series device. Additionally, it provides insights into the process of backing up the configuration file and restoring firewall settings using the saved configuration file.

Note: Always keep a backup copy of your configuration so that you can quickly restore your firewall settings if unexpected situations arise during the installation of updates. We strongly recommend making a systematic backup of your device's configuration file.

Disclaimer!  This article offers a general overview of the series and may not apply uniformly to every model, software/firmware version. Before purchasing or using the device, please consult the model/version-specific documentation or reach out to technical support for accurate information.

Login to the device via WebGUI and navigate to  

Maintenance -> Firmware/File Manager -> Configuration File

In this section possible to make a backup of the configuration both manually and set up automatic backup on a schedule, apply the previously saved configuration, or delete unnecessary.

Overview of configuration files

startup-config.conf

  • The startup-config.conf file is the configuration file currently used by the device.
  • The startup-config.conf file is first checked for errors. If there are no errors, the device uses the startup-config.conf file as the default configuration and copies this configuration to the lastgood.conf file as a backup file.
  • If there is an error, the device creates a log, and copies the startup-config.conf configuration to the startup-config-bad.conf file, and attempts to use the existing lastgood.conf configuration file.
  • If the lastgood.conf configuration file is missing or also has an error, the USG FLEX H applies the system-default.conf configuration file.

%customerchoose%.conf

  • At any time, especially before doing major configuration changes, it is recommended to safe the current configuration. This can be done by copying the startup-config.conf and rename the copy to your preferred name

startup-config-backup-*.conf

  • before your device upgrades to a new firmware, the startup-config is copied to the startup-config-backup-*.conf

Note:  at the end of the article, you will find new features on testing, debugging and working with configuration file New Features and Enhancements in Version 1.20.

How to make a copy/backup of the configuration file

Timely backup of the configuration file can prevent many problems after failures and other unforeseen situations. In addition, it is important to emphasize that backups created on the device are stored locally on the device itself. Therefore, it is recommended that you take care and store these configuration files on alternate secure storage devices in accordance with your organization's established procedures. This practice provides secure and easily accessible storage for configuration backups.

  • Scheduled configuration backup

Login to the device via WebGUI and navigate to

Maintenance -> Firmware/File Manager -> Configuration File
  • Enable Auto Backup Schedule
  • Choose the frequency and time
  • "Apply" changes 

  • Manual configuration backup
Maintenance -> File Manager -> Configuration File

Select startup-config.conf and click on the "Download" button

Error Handling

When applying a configuration file, the firewall generates error messages if it encounters unsupported commands or incorrect configurations.

Apply Config Fails: This message appears if there are issues with the configuration file.

Event Logs: Detailed error messages, including line numbers, are logged for troubleshooting.

Stage 1 and Stage 2 Errors Stage 1

Error: Occurs due to wrong CLI formats, such as invalid syntax or typos.

Example: GE1 enable true (missing "d" in "enabled").

Stage 2 Error: Occurs due to missing required settings or non-existent objects.

New Features and Enhancements in Version 1.20

Test Configuration Option

  • Administrators can use the test option to validate a new configuration file before applying it. This helps ensure the configuration is error-free and ready for deployment.

Debug Log File

  • If errors occur during the application of a configuration file, a debug log file is created. This file can be accessed via FTP and downloaded for troubleshooting.

File Header in Configuration Files

  • Version 1.20 introduces a file header in configuration files, providing details such as file type, model name, date, and firmware version. This helps ensure compatibility when applying configurations.

USB Configuration Management

  • Administrators can copy configuration files to a USB storage device using the CLI command. This facilitates easy backup and restoration.

Practical Steps

Testing and Applying Configurations

  • Go to the web GUI or CLI.

  • Use the test option to validate the configuration file.

  • Review any errors in the event logs.

Accessing Debug Logs

  • Connect to FTP

  • Use the command: ftp <firewall_ip>

  • Navigate to the /tmp directory.

  • Download the apply-config-error file for detailed error analysis.

Managing Configuration Files via USB

  • Connect to CLI

  • Use the command: CMD config apply startup to USB

Articles in this section

See more
Was this article helpful?
1 out of 1 found this helpful
Share