conf - Manage the whole configuration


[1] conf [diff]

[2] conf load (ftp | sftp | tftp) <file-server> <file-name>

[3] conf save (ftp | sftp | tftp) <file-server> <file-name> [new]

[4] conf factoryreset

[5] conf manager (template <template-id> | gateway <gateway-id>)


Without any argument this command displays both the running and the new (not yet applied) logical configuration. It allows you to view all parameters at once before applying (using the command apply). When the optional argument diff is given, only the difference between the current and the new configuration is displayed.

In the second usage form, the load argument allows you to load a configuration file located on a file server. Only trusted file servers are allowed. Trusted file servers are defined with the access command. The load usage form requires three mandatory arguments. The first argument is the protocol name (ftp, sftp, or tftp). The second argument is the name or IP address of the file server. The third argument is the configuration file name.

When tftp is used the configuration file must exist and be accessible on the file server. The file must contain a set of valid configuration commands. Empty lines or lines beginning with the character "#" are ignored. The loading of a configuration file does not affect the running configuration. The command apply must be used to apply the new loaded configuration.

The third usage form is used to save the configuration in a file located on a trusted file server. This usage form requires the same arguments described for the load usage form. By default this command saves the running configuration (also called the current configuration). To save the new configuration (not yet applied) use the optional argument new. The saved file contains a list of configuration commands that can be loaded afterwards using the conf load usage form. Please note that when a setting is in the form of a list, the saved setting begins with a command that erases the whole list before adding new entries to the newly created list. This rule applies to all settings that are present in the system in two versions (the running and new versions). For lists that are present in the system in only one version (i.e. the running and the new are the same), no erase command is saved. For instance, this is the case for templates on a manager system.

Also, please note that:

• Passwords used to connect to external services like SNMP managers or LDAP servers are always saved in an encrypted format. However, as the encryption is done after the apply operation, parts of a new configuration that contain clear passwords are never saved.

• The conf command saves/loads the logical configuration only and not all files related to the configuration (such as SSL certificates or the antivirus signature base). To load or save files related to the configuration you can use appropriate commands or the file command to load or save all files in one operation.
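A saved file is a plain list of commands fetched from a file server, and FTP and TFTP do not protect it in transit, so it is worth checking a file against a known-good copy before running conf load. The following is an added example, not part of the CacheGuard documentation: it applies the comment and empty-line rule described above, pins a SHA-256 digest of the effective commands, and lists what changed. The sample files and their command names are constructed placeholders, not real command syntax.

```python
import difflib
import hashlib
import hmac

# Constructed sample files. The command names are placeholders, not real
# CacheGuard command syntax.
BASELINE = """# last known-good copy
placeholder-cmd-a alpha

placeholder-cmd-b beta
"""
CANDIDATE = """# copy fetched from the file server
placeholder-cmd-a alpha
placeholder-cmd-b gamma
placeholder-cmd-c delta
"""

def normalize(text):
    """Keep only lines that take effect: the page says empty lines and
    lines beginning with '#' are ignored. Treating whitespace-only lines
    as empty is an assumption."""
    lines = (raw.rstrip() for raw in text.splitlines())
    return [l for l in lines if l.strip() and not l.startswith("#")]

def digest(text):
    """SHA-256 over the effective commands, so comment edits do not matter."""
    return hashlib.sha256("\n".join(normalize(text)).encode()).hexdigest()

def matches_pin(text, pinned):
    """True only if the file's effective content equals the pinned digest."""
    return hmac.compare_digest(digest(text), pinned)

def changes(baseline, candidate):
    """Return (added, removed) command lines, in file order."""
    old, new = normalize(baseline), normalize(candidate)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])
    return added, removed

if __name__ == "__main__":
    pin = digest(BASELINE)  # recorded when the backup was saved
    if not matches_pin(CANDIDATE, pin):
        added, removed = changes(BASELINE, CANDIDATE)
        print("do not load; removed:", removed, "added:", added)
```

Record the digest at the time the backup is saved and store it separately from the file server that holds the backup.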

The fourth usage form (factoryreset) is used to make a factory reset of the configuration. When using this usage form, all parameters are set to their initial values. Please note that the administration passwords used to connect to the system are not part of the configuration and thus are not reset when using the 0

The fifth usage form is only available on manager systems and only inside a template or gateway configuration context. This usage form allows you to quickly build a gateway configuration based on a template or another gateway configuration (the source configuration). Please note that this operation has an immediate effect on a (i.e. does not require the use of the apply command). You can refer to the manager command for further information. The built configuration inherits everything from the source configuration except the following settings, which are normally unique:

• The gateway Hostname (see the hostname command).

• Internal and Auxiliary IP addresses (see the ip command).

• All VRRP IPs (see the vrrp command).

• IP routes and Via Gateways (see the ip command).

• Transparent Web networks (see the transparent command).

• Access lists associated to Internal and Auxiliary interfaces (see the access command).

• All settings related to the embedded DHCP server (see the dhcp command).

• Firewall rules associated to Internal and Auxiliary interfaces (see the firewall command).

• Via Gateways and local networks for VPN IPsec tunnels (see the vpnipsec command).

• Via Gateways for reverse Web sites (see the rweb command).

• Share and HA peers (see the peer command).

• Client TLS objects.


access (1) apply (1) file (1) manager (1) system (1)


CacheGuard Technologies Ltd

Send bug reports or comments to the above author.


Copyright (C) 2009-2024 CacheGuard - All rights reserved