HP TippingPoint Next Generation Firewall manual Utilities, Display

NOTE: As you move through the context menu hierarchies, the command prompt changes accordingly. The help or display command can be entered at any level.

Configuration File Versions

When troubleshooting or needing to rollback a configuration, the current configuration setup can be viewed. Reviewing network configuration files should be a necessary step to becoming knowledgeable about your current system setup. When the device is initially configured, make sure the settings are saved to the persistent configuration with the NGFW{}save-configcommand. It’s also advisable to create a snapshot using the following command:

NGFW{}snapshot create orig_conf

Snapshots capture the configuration of a device, which can then be delivered to technical support for troubleshooting. Users can also use snapshots to save and re-apply configurations. Snapshots include the currently installed OS version, and cannot be restored on a device that is not running the same version of the OS. If a snapshot restore needs to be completed, use the following command:

NGFW{}snapshot restore orig_conf

A warning message is displayed, followed by an automatic reboot when snapshot restore is completed.

The NGFW Appliance CLI uses the deferred-commitmodel. In this capacity, the architecture maintains a set of configuration files to ensure that a working configuration is persistently maintained. This configuration set includes the following configuration files.

•Running configuration — this version is currently executing on the system. Any changes that administrators make from the edit mode (except for IPS features, action sets and notification contacts) will take effect once they have been committed, by issuing the Commit command. If changes are not committed, all modifications are discarded on exit from the running context. If multiple administrators are on the system, the version that was last committed is used as the current running configuration and is visible to other administrators, once they have exited the edit mode. A warning prompt is displayed if the committed changes would overwrite configuration that was made by another administrator since the configuration was edited.

•Saved (persistent) configuration — this is the running configuration that was last committed prior to executing the save-configcommand. NGFW copies the saved configuration to the start configuration when the system reboots.

•Start configuration — This is a backup copy of the configuration file saved at the time of system startup, and is loaded at the next system bootup. The rollback-configcommand can be used to rollback to a persistent and running configuration that was the last known good configuration.

NOTE: Future versions of the product will support multiple named saved configuration sets.

Utilities

The Display and Show commands are helpful for troubleshooting and monitoring the operational status of the system. Command line usage can be found in Root Commands.

Display

Enter display to see your candidate configuration settings for a context. Any modifications you make can be viewed using the display command. The output of the display command depends on where the command is executed. If executed at the configuration level, it displays the entire configuration of the unit. Executing the display command with a configuration name parameter, or from within a context displays the contents of that particular configuration.