11.2.9.1. Configuration storage and restoration

The methods for configuration storage and restoration with vSRX are described in this section.

Operation Confirmed Version:
 vSRX Version15.1X49-D105.1

Note

  • It has been identified that the CPU values of the control plane tend to become high under specific scenarios when ver.15.1X49D105.1 is used. For occurrence conditions and details to note, refer to Points to note when using ver.15.1X49D105.1 .

Note

When login is performed with root, the default location is /cf/root directory. Therefore, if the configuration file names below are written with relative paths not absolute paths, the location under /cf/root is specified. Keep this in mind when referring to the following procedure.
  • save file name

  • file show file name

  • load set file name

Method for saving the configuration in a file

The current configuration is saved in the storage area in vSRX. For vSRX, the configuration is automatically saved when committing is executed. When intending to save the configuration using another file name, use the following procedure:

1. Save the configuration.

Move to the configuration mode, and enter the save command.

user01@vSRX-03> configure
Entering configuration mode

user01@vSRX-03# save CURRENT_CONFIG.conf
Wrote 222 lines of configuration to 'CURRENT_CONFIG.conf'

2. Confirm success of the storage.

The storage of the configuration file can be confirmed by performing a file show command.

user01@vSRX-03> file show ?
Possible completions:
  <filename>           Filename to show
  CURRENT_CONFIG.conf  Size: 5349, Last changed: Mar 19 08:03:31
  encoding             Encode file contents

user01@vSRX-03> file show CURRENT_CONFIG.conf
## Last changed: 2018-03-19 08:03:02 UTC
version 15.1X49-D100.6;
system {
    host-name vSRX-03;
    root-authentication {
(省略)

Method for loading the configuration file

  • The command for loading the saved configuration file is described in this section.

  • When the configuration file is to be loaded, take, for example, the following measures not to mistakenly alter or delete the configuration file (for service provision) which has been set by the service provider: excluding that configuration file from the configuration file to be loaded; making changes in accordance with vSRX of the file loading destination.

  • For the reasons why alteration and deletion of the configuration file are inhibited, refer to the Service Instruction Manual ‘Restrictions <https://ecl.ntt.com/en/documents/service-descriptions/firewall-vsrx/vsrx.html#id30>’_.

  • For the configuration file which is set by the service provider at the time of Firewall (vSRX) creation, refer to ‘Descriptions of the configuration set up by the service provider <https://ecl.ntt.com/documents/tutorials/rsts/vSRX/providerconfiguration/providerconfiguration.html>’_.

Note

It is assumed that the configuration has been saved in the storage area in vSRX.

1. Load (Adding) the configuration file.

Execute the load set command to add the saved configuration file to the existing configuration.

user01@vSRX-03> configure
Entering configuration mode

user01@vSRX-03# load set CURRENT_CONFIG.conf
load complete

[edit]
user01@vSRX-03# show
## Last changed: 2017-11-12 01:14:14 JST
version 15.1X49-D100.6;
system {
    host-name vSRX-03;
    time-zone Asia/Tokyo;
(省略)

Note

At this point, the added file is not yet used for the operation configuration of vSRX.

Note

To load the configuration file in the json file format, execute the load merge command.

2. Check the configuration difference.

The configuration difference can be checked with the show | compare command.

[edit]
user01@vSRX-03# show |compare
[edit system]
+  host-name vSRX-03;
+  time-zone Asia/Tokyo;
-  time-zone America/Chicago

Note

+:Newly added settings
-:Deleted or replaced settings

Note

To restore the previous configuration, use “rollback ?” to identify the configuration to be restored and restore the desired configuration status. Normally, “rollback 0” turns out.

3. Reflecting the configuration

Execute the commit command to move to the operation configuration.

[edit]
user01@vSRX-03# commit
commit complete

Note

To restore the previous configuration after executing committing because the expected performance did not result, use “rollback ?” to identify the configuration to be restored and restore the desired configuration status. Normally, “rollback 1” turns out.