About Restoring a Secure Firewall ASA Configuration
If you make a change to an ASA's configuration, and you want to revert that change, you can restore an ASA's past configuration. This is a convenient way to remove a configuration change that had unexpected or undesired results.
About Restoring an ASA Configuration
Review these notes before restoring a configuration:
CDO compares the configuration you choose to restore with the last known configuration deployed to the ASA, it does not compare the configuration you choose to restore with a configuration that is staged but not deployed to the ASA. If you have any undeployed changes on your ASA and you restore a past configuration, the restore process will overwrite your undeployed changes and you will lose them.
Before you can restore a past configuration, the ASA can be in a Synced or Not Synced state but if the device is in a Conflict Detected state, the conflict must be resolved before you restore a past configuration.
Restoring a past configuration overwrites all intermediate deployed configurations changes. For example, restoring the configuration from 1/31/2023 in the list below overwrites the configuration changes made on 2/15/2023.
Clicking the Next and Previous buttons will move you through the configuration file and highlight the configuration file changes
If you originally applied a change request label to your configuration changes, that label appears in the Restore Configuration list.
How Long are Configuration Changes Kept?
You can restore an ASA configuration that is 1 year old or less. CDO restores configuration changes logged in its changelog. The change log records changes every time a configuration change is written to or read from an ASA. CDO stores 1 year's worth of changelogs and there is no limitation on the number of the backups made within the previous year.