Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Manage Configuration Versions

Configuration files in Juniper Security Director Cloud are created when the device configuration data from managed devices are backed up to the Juniper Security Director Cloud database for the first time.

A separate configuration file is created in the database for each managed device. Each time the configuration of a device changes, a new version of the configuration file is created on the device, which can then be backed up to the Juniper Security Director Cloud database or to a remote server at a fixed time or at a set recurrence interval periodically.

Centralized configuration file management enables you to maintain multiple versions of your device configuration files in Juniper Security Director Cloud. This helps you recover device configuration files in case of a system failure and maintain consistent configuration across multiple devices.

Note:

When you change the configuration of a device using Juniper Security Director Cloud, the portal processes this configuration change in a similar manner to a scenario where you would change the configuration without using Juniper Security Director Cloud.

In both such scenarios, the device becomes out of sync with Juniper Security Director Cloud's security policies. Juniper Security Director Cloud overwrites such device configurations with the original configuration when it deploys the security policies again. Use the configuration preview option to view the configuration changes.

You must resynchronize out-of-sync devices with Juniper Security Director Cloud. See Resynchronize a Device with Juniper Security Director Cloud.

The following sections describe how you can pin important configuration versions, edit a configuration version description, roll back to a particular configuration version, or compare two configuration versions.

View Configuration Versions

You can view information about all configuration versions of a device that are backed up in the Juniper Security Director Cloud database.

  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Select the device or device cluster to view the configuration versions, and click More >Configuration Versions.

    The Configuration Versions page opens displaying the previous ten configuration versions for the selected device or device cluster in the Version History pane. The page displays the following information:

    • Version Number—The version number of the configuration file. The files listed in order of the most recent to the oldest versions.
    • Name—The name of the configuration versions. This is the device serial number with the .conf file extension.
    • Creation Date—The date and time the different versions of the configuration are created in the Juniper Security Director Cloud database. Version 1 corresponds to the time when you back up a device configuration for the first time from the device.

    By default, Juniper Security Director Cloud stores the previous ten configuration versions.

  3. Select any configuration file to see a preview of the file in the Preview pane on the right side of the page.

Edit Configuration Version Description

You can edit the description of each configuration version to make them intuitive to understand when you want to pin or rollback to a particular configuration version.

  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Select the device or the device cluster to view the configuration files, and click More >Configuration Versions.

    The Configuration Versions page opens displaying the previous ten versions of the configuration files for the selected device or the device cluster in the Version History pane.

  3. Select the configuration version to edit the description, and click on the top right of the page.
    The Add Description page opens.
  4. Update the description as required, and click OK.

The updated description of the configuration version is displayed in the Configuration Versions.

Pin a Configuration Version

By default, Juniper Security Director Cloud, stores the previous ten configuration versions of a device or a device cluster. If the number of backed up configuration versions exceeds ten, the oldest configuration version is deleted and the latest version is stored.

Juniper Security Director Cloud allows you to pin certain configuration versions as important. These versions can be either golden versions without errors or configurations for specific requirements. Pinned configuration versions are never deleted even when new configuration versions are created. You can pin a maximum of three configuration versions as important.

If you have already pinned three configuration versions and pin a fourth configuration version, the first pinned configuration version is deleted. For example, if you pinned Version 1, Version 2, and Version 3 in succession, and if you pin Version 4, the pinned Version 1 is deleted.

  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Select the device or device cluster to view the configuration files, and click More >Configuration Versions.

    The Configuration Versions page opens displaying the previous ten versions of the configuration files for the selected device or the device cluster in the Version History pane.

  3. Select the configuration version to pin, and click the pin icon on the top right of the page.

The pin symbol is displayed against the configuration version indicating that the version is pinned.

Rollback to a Configuration Version

The Rollback option enables you to deploy any version of the saved configurations to the device.

Restoring a configuration version involves overriding the device’s running configuration file with the selected version of the configuration backup file from Juniper Security Director Cloud.

Note:

When you rollback the configuration version of a device using Juniper Security Director Cloud, the portal processes this configuration change in a similar manner to a scenario where you would rollback the configuration without using Juniper Security Director Cloud.

In both such scenarios, the device becomes out of sync with Juniper Security Director Cloud's security policies. Juniper Security Director Cloud overwrites such device configurations with the original configuration when it deploys the security policies again. Use the configuration preview option to view the configuration changes.

You must resynchronize out-of-sync devices with Juniper Security Director Cloud. See Resynchronize a Device with Juniper Security Director Cloud.
  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Select the device or device cluster to rollback the configuration files, and click More >Configuration Versions.

    The Configuration Versions page opens displaying the previous ten versions of the configuration files for the selected device or the device cluster in the Version History pane.

  3. Select the configuration version to rollback to, and click Rollback.
    The Rollback Operation pop-up opens asking you for confirmation to continue the rollback operation.
  4. Click Yes.
    A job is created for the rollback operation and the details are displayed on the top of the page. Click Administration > Jobs to view the job.

Once the job completes the device configuration rollback is complete. The configuration resources of the device are resynchronized and the device is ready for use.

Compare Configuration Versions

Juniper Security Director Cloud enables you to compare two device configuration versions by using the Compare option.

You can view the device configuration versions side by side to compare and see the total number of differences, the date and time of the last commit operation, and the number of changes made.

Note:

When you compare versions, each configuration parameter in one version is set side by side with the same parameter in the other version. Therefore, you might see multiple pages of configuration for a single parameter in one version, whereas the same parameter in the other version might be only a few lines long.
  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Select the device or device cluster to compare configuration versions, and click More >Configuration Versions.

    The Configuration Versions page opens displaying the previous ten versions of the configuration files for the selected device or the device cluster in the Version History pane.

  3. Select the configuration versions to compare to, and click Compare.

    The Comparison page opens displaying the delta between the two versions. Table 1 describes what the color-coded text indicates.

    Table 1: Comparison Page Legend

    Text Color

    Description

    Black text

    Indicates content that is common to both files

    Green text

    Indicates content in the source file on the left that is not contained in the target file on the right

    Blue text

    Indicates content in the target file on the right that is not contained in the source file on the left

    Pink text

    Indicates content that is changed.

    The status bar shows the current page number and the total number of pages, along with navigation controls to move from page to page and to refresh the display.

  4. To locate differences in configuration, click to view the previous difference or to view the next difference.

See Also