About Configuration History and Template Application History

Each time you update the configuration file for a fully managed device or update a Device Configuration Template, the Management Server stores the new version of the XML configuration file or template in the configuration history for that device or template. You can review the configuration history to see the details of when a file or template was changed, view a configuration file for a device or template to verify the settings in the file, see which devices a template has been applied to and when it was applied, review the differences between two versions of the configuration file for a device or template, and revert to a previous version of the configuration file for your device or template.

Configuration files saved in the history include all the policies and settings in the XML configuration file, but do not include any managed VPN tunnels, licenses, or certificates for your device. When you configure settings for your Management Server, you can specify the number of files to save in the configuration history for a device or template and require that users add a comment about the changes they made.

For more information about how to configure these settings, go to Define Configuration History and Change Comment Settings and Configure License Key, Monitoring, and Notification Settings for the Management Server.

On the settings page for a fully managed device or Device Configuration Template, you can review the basic details of the configuration history: the last time the file was updated in the history, the number of files saved in the history, and the amount of disk space on the Management Server used by the configuration history.

Review Configuration History and Application History Details

To see more details in the configuration history for a device or template:

  1. Open WatchGuard System Manager and connect to a Management Server.
  2. In the left navigation pane, select a fully managed device or a configuration template.
    The settings page for the selected device or template appears.
  3. In the Configuration History section, click View History.
    For a fully managed device, the Configuration History dialog box appears.
    Screen shot of the Configuration History dialog box
    For a Device Configuration Template, the History dialog box appears.    Screen shot of the History dialog box

For a fully managed device, the Configuration History dialog box includes this information about the selected device:

  • The last time the configuration file was saved to the Management Server.
  • The user name of the user who made the change.
  • The OS version on the device when the change was made.
  • Any comments the user made about the change.
  • The amount of disk space on the Management Server used by the configuration history.

For a Device Configuration Template, the History dialog box includes two tabs: Configuration History and Application History.

The Configuration History tab includes this information about the selected template:

  • The last time the configuration file was saved to the Management Server.
  • The user name of the user who made the change.
  • Any comments the user made about the change.
  • The amount of disk space on the Management Server used by the configuration history.

The Application History tab includes these details about the application history of the selected template:

  • When a template was applied.
  • The user who applied the template.
  • The first five devices to which the template was applied.

To review the settings in a configuration file for a device or template, you can open a file in the Revision History list. You cannot save a configuration file that you have opened from the history. To reapply a configuration file from the configuration history to a device or template, you must revert to an earlier configuration. For more information, go to the next section.

To make sure the dialog box includes the most recent changes to the history, such as the time a configuration file was reverted, you can click Refresh to update the history information that appears in the list.

To review the settings of a configuration file in the revision history for a Device Configuration Template:

  1. Select the Configuration History tab.
    The Revision history list appears.

Screen shot of the Device Configuration Configuration History dialog box

  1. To refresh the data in the list, click Refresh
  2. From the Revision history list, select an item.
  3. Click View.
    Policy Manager opens for the selected configuration file.

For more information about an applied template, and the complete list of devices to which the template was applied, you can open an item in the Template applications list.

  1. Select the Application History tab.
    The Template applications list appears.

Screen shot of the Device Configuration Template Application History dialoga box

  1. To refresh the data in the list, click Refresh
  2. From the Template applications list, select an item.
  3. Click Detail.
    The Details dialog box appears with all the details about when the template was applied, who applied the templates, and the complete list of devices to which the template was applied.

Generate a Configuration Report from a Revision

You can generate the XTM Configuration Report for any of the saved revisions of the device configuration file of your managed devices. The XTM Configuration Report includes a summary of the device configuration file settings in the revision that you select in an easy-to-read, printable format.

The Firebox Configuration Report for a managed device is divided into six main sections:

  • Network — Network configuration settings
  • Firewall — Firewall policies and proxy action settings, traffic management, SNAT, quotas, Mobile Security, and other network settings
  • Subscription Services — Settings for all Subscription Services configured on the Firebox
  • Authentication — Authentication settings, hotspot settings, configured users and groups, Single Sign-On settings, and Terminal Services settings
  • VPN — Branch Office VPN and Mobile VPN settings
  • System — System configuration, aliases, logging, NTP, SNMP, logging, FireCluster and global settings

For more information about the XTM Configuration Report, go to Generate Configuration Reports for Managed Devices.

  1. Open WatchGuard System Manager and connect to a Management Server.
  2. In the left navigation pane, select a fully managed device.
    The settings page for the selected device or template appears.
  3. In the Configuration History section, click View History.
    For a fully managed device, the Configuration History dialog box appears.
    Screen shot of the Configuration History dialog box
  4. From the Revision list, select a configuration file revision.
  5. Click Configuration Report.
    The Configuration Report dialog box appears with the configuration report for the configuration file revision you selected.

    6. The Configuration Report list includes these details for each Firebox:

    • Generated — Whether the report was successfully generated: Yes or No
    • Name — The friendly name (the device name) assigned to the Firebox
    • Model — The model of the Firebox
    • Version — The version of OS on the Firebox
    • Build Number — The build number of the OS version on the Firebox
    • Create Time — The time the report was generated

  6. To view the report, select the Firebox and click View.
  7. To open the folder where the .HTML report file is located, click Open Folder.

Revert to an Earlier Configuration

You can revert to an earlier configuration file that is included in the Revision history list for a device or template. When you revert to an earlier version of a configuration file, the current configuration file is replaced by the earlier version you selected. All the configuration settings in the earlier version are applied to the device or template, except for managed tunnels which are stored separately on the Management Server.

To reapply a configuration file in the history:

  1. To refresh the data in the list, click Refresh.
  2. From the Revision list, select an item.

Screen shot of the Configuration History dialog box for a fully managed device

  1. Click Revert.
    A confirmation message appears.
  2. Click Yes.
    The Comment dialog box appears.
  3. Type a comment to include in the revision history for the configuration file. Click OK.
    The configuration file is saved to your device and a new entry appears in the Revision History list.

Review the Changes Between Revisions

From the Configuration History dialog box for a fully managed device, you can run a report to see the changes that were made to the configuration file between revisions. You can select to compare any revision in the history against the previous revision, or select a specific revision number to compare it against.

You cannot run a report on the differences between versions of a template.

To run a Difference Report:

  1. From the Revision list, select a revision.
  2. Click Diff.
    The Difference Report dialog box appears.

Screen shot of the Difference Report dialog box, with the Compare against previous version option selected

  1. To compare the selected revision against the previous revision number, select Compare against previous version.

To compare the selected revision against a specific revision number, select Compare against and select the revision number from the drop-down list.

Screen shot of the Difference Report dialog box, with the Compare against option selected

  1. Click OK.
    The Management Server runs the Difference Report. After a few seconds, the Difference Report appears with the list of items that are different between the two versions.

Screen shot of the Difference Report dialog box, with the report results

Related Topics

Verify the Connection Status of a Device

About Centralized Management Modes

About the Device Management Page

Apply Device Configuration Templates to Managed Devices