Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the 'Configuration Rollback' feature for?

1

0

Article ID: KB6912 KB Last Updated: 27 Apr 2020Version: 4.0
Summary:

This article explains what the "Configuration Rollback" feature is for in ScreenOS.

 

Symptoms:

Last Known Good Config (LKG) Rollback FAQ: what is the "Configuration Rollback" feature for?

 

Solution:

In ScreenOS, the "Configuration Rollback" feature allows the NetScreen device to revert to a stored "Last Known Good" configuration (LKG) from flash, SHOULD you have issues loading a configuration file or have problems with a particular configuration file just loaded, and so on.

If you load a configuration file that causes problems, such as failure of the NetScreen device, or remote users lose management to the device, you can perform a rollback to revert to a "last-known-good configuration" file that was previously saved in flash. This configuration is referred to as LKG or the last known good configuration. Upon device reset, the NetScreen loads the configuration from that LKG file.

LKG Commands

Creating the LKG File:

Before using the rollback feature, you must create an LKG file in flash. Watch the status messages from this command. If there is insufficient memory in flash to store two copies of the configuration, LKG creation will fail. This will happen only if the default configuration file is VERY large.

save config to last-known-good

Verify the LKG file in the flash:

ssg140-> get file
    flash:/burnin_log1                           40960
    flash:/burnin_log0                           40960
    flash:/ns_sys_config                          2300
    flash:/envar.rec                               132
    flash:/prngseed.bin                             32
    flash:/crash.dmp                            131072
    flash:/license.key                            1085
    flash:/expire.rec                               71
    flash:/kav_db/
    flash:/tst_db/
    flash:/dnstb.rec                                 1
    flash:/$lkg$.cfg                              2302
    flash:/pkidatabase.digest                       20
    flash:/$BABOOT$.BIN                       12582912
    flash:/ns_sys_cfg.sig                           20

The LKG file is stored with name "$lkg$.cfg."

Lock LKG/Enable Rollback

  • System will load LKG if rebooted during rollback enable.

Automatic configuration rollback is disabled by default. Use the following command to enable configuration rollback:

ssg140-> exec config rollback enable [Enter] ssg140(rollback enabled)->

Once configuration rollback is enabled, the LKG file gets locked to prevent other users from overwriting it. It is a best practice to enable configuration rollback before making changes to the configuration of the NetScreen device. Once the changes are confirmed, you can disable rollback to unlock the LKG file, then save the updated configuration to the LKG file, as well as the default.

Unlock LKG/Disable Rollback

exec config rollback disable [Enter]

Force Reboot with LKG

  • System resets and loads LKG.

exec config rollback

Upon device reset or reboot, the LKG file loads. Configuration rollback is disabled after the system is reset. The LKG file still exists, but will not be loaded automatically if the system were to be reloaded. You will have to enable configuration rollback to have the system load the configuration from the LKG file.

 

Modification History:

2020-04-27: Article reviewed for accuracy. Requested to republish this article. Some minor changes have been done.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search