Revert Firewall Configuration Changes
Focus
Focus

Revert Firewall Configuration Changes

Table of Contents
End-of-Life (EoL)

Revert Firewall Configuration Changes

Revert operations replace settings in the current candidate configuration with settings from another configuration. Reverting changes is useful when you want to undo changes to multiple settings as a single operation instead of manually reconfiguring each setting.
You can revert pending changes that were made to the firewall configuration since the last commit. The firewall provides the option to filter the pending changes by administrator or location. The locations can be specific virtual systems, shared policies and objects, or shared device and network settings. If you saved a snapshot file for a candidate configuration that is earlier than the current running configuration (see Save and Export Firewall Configurations), you can also revert to that snapshot. Reverting to a snapshot enables you to restore a candidate configuration that existed before the last commit. The firewall automatically saves a new version of the running configuration whenever you commit changes, and you can restore any of those versions.
  • Revert to the current running configuration (file named running-config.xml).
    This operation undoes changes you made to the candidate configuration since the last commit.
    To revert all the changes that all administrators made, perform one of the following steps:
    • Select
      Device
      Setup
      Operations,
      Revert to running configuration
      , and click
      Yes
      to confirm the operation.
    • Log in to the firewall with an administrative account that is assigned the Superuser role or an Admin Role profile with the
      Commit For Other Admins
      privilege enabled. Then select
      Config
      Revert Changes
      at the top of the web interface, select
      Revert All Changes
      and
      Revert
      .
    To revert only specific changes to the candidate configuration:
    1. Log in to the firewall with an administrative account that has the role privileges required to revert the desired changes.
      The privileges that control commit operations also control revert operations.
    2. Select
      Config
      Revert Changes
      at the top of the web interface.
    3. Select
      Revert Changes Made By
      .
    4. To filter the Revert Scope by administrator, click
      <administrator-name>
      , select the administrators, and click
      OK
      .
    5. To filter the Revert Scope by location, clear any locations that you want to exclude.
    6. Revert
      the changes.
  • Revert to the default snapshot of the candidate configuration.
    This is the snapshot that you create or overwrite when you click
    Config
    Save Changes
    at the top of the web interface.
    1. Select
      Device
      Setup
      Operations
      and
      Revert to last saved configuration
      .
    2. Click
      Yes
      to confirm the operation.
    3. (
      Optional
      ) Click
      Commit
      to overwrite the running configuration with the snapshot.
  • Revert to a previous version of the running configuration that is stored on the firewall.
    The firewall creates a version whenever you commit configuration changes.
    1. Select
      Device
      Setup
      Operations
      and
      Load configuration version
      .
    2. Select a configuration
      Version
      and click
      OK
      .
    3. (
      Optional
      ) Click
      Commit
      to overwrite the running configuration with the version you just restored.
  • Revert to one of the following:
    • Custom-named version of the running configuration that you previously imported
    • Custom-named candidate configuration snapshot (instead of the default snapshot)
    1. Select
      Device
      Setup
      Operations
      and click
      Load named configuration snapshot
      .
    2. Select the snapshot
      Name
      and click
      OK
      .
    3. (
      Optional
      ) Click
      Commit
      to overwrite the running configuration with the snapshot.
  • Revert to a running or candidate configuration that you previously exported to an external host.
    1. Select
      Device
      Setup
      Operations
      , click
      Import named configuration snapshot
      ,
      Browse
      to the configuration file on the external host, and click
      OK
      .
    2. Click
      Load named configuration snapshot
      , select the
      Name
      of the configuration file you just imported, and click
      OK
      .
    3. (
      Optional
      ) Click
      Commit
      to overwrite the running configuration with the snapshot you just imported.
  • Restore state information that you exported from a firewall.
    Besides the running configuration, the state information includes device group and template settings pushed from Panorama. If the firewall is a GlobalProtect portal, the information also includes certificate information, a list of satellites, and satellite authentication information. If you replace a firewall or portal, can you can restore the information on the replacement by importing the state bundle.
    Import state information:
    1. Select
      Device
      Setup
      Operations
      , click
      Import device state
      ,
      Browse
      to the state bundle, and click
      OK
      .
    2. (
      Optional
      ) Click
      Commit
      to apply the imported state information to the running configuration.

Recommended For You