Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] FAQ: In ScreenOS 5.0rx, what is the 'Configuration Rollback' feature for?



Article ID: KB6912 KB Last Updated: 23 Aug 2010Version: 3.0
FAQ: In ScreenOS 5.0rx, what is the 'Configuration Rollback' feature for?
LKG - Last Known Good Config Rollback FAQ: In Screen OS5.0rx, what is the "Configuration Rollback" feature for?

In screen OS5.0rx, the "Configuration Rollback" feature allows the NetScreen device to revert to a stored "Last Known Good" configuration (LKG) from flash,  SHOULD you have issues loading a configuration file or have problems with a particular configuration file just loaded, etc.

If you load a configuration file that causes problems, such as failure of the NetScreen device, or remote users lose management to the device, you can perform a rollback to revert to a "last-known-good configuration" file that was previously saved in flash. This configuration is referred to as LKG or last known good configuraiton. Upon device reset, the NetScreen loads the configuration from that LKG file.

LKG Commands:

Creating the LKG File:

Before using the rollback feature, you must create a LKG file in flash. Watch the status messages from this command. If there is insufficient memory in flash to store two copies of the configuration, LKG creation will fail. This will only happen if the default configuration file is VERY large.

save config to last-known-good

Lock LKG/Enable Rollback
- System will load LKG if rebooted during rollback enable

Automatic configuration rollback is disabled by default. Use the following command to enable configuration rollback:

ns-5xt-> exec config rollback enable [Enter] ns-5xt(rollback enabled)->

Once configuration rollback is enabled, the LKG file gets locked to prevent other users from overwriting it. It is best practice to enable configuration rollback before making changes to the configuration of the NetScreen device. Once the changes are confirmed, you can disable rollback to unlock the LKG file, then save the updated configuration to the LKG file, as well as the default.

Unlock LKG/Disable Rollback

exec config rollback disable [Enter]

Force Reboot with LKG
- System resets and loads LKG

exec config rollback

Upon device reset or reboot, the LKG file loads. Configuration rollback is disabled after the system is reset. The LKG file still exists, but will not be loaded automatically if the system were to be reloaded. You will have to enable configuration rollback to have the system load configuration from the LKG file.

Here is the problem or goal:

  • FAQ: In ScreenOS 5.0rx, what is the "Configuration Rollback" feature for?

Problem Environment:

  • LKG - Last Known Good Config
  • Rollback

Applicable Products:

  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-5GT
  • NetScreen-25
  • NetScreen-50
  • NetScreen-204
  • NetScreen-208
  • NetScreen-500

Applicable ScreenOS:

  • 5.0.0
  • 5.0.0 A/V

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search