Managing the Kaspersky NGFW configuration

Types of Kaspersky NGFW configurations

Kaspersky NGFW comes with a default configuration that is applied after the first startup of the device and includes a set of default settings. You can view the default configuration. You cannot edit or delete the default configuration. If necessary, you can reset the Kaspersky NGFW configuration to the default configuration using the config family of commands, or do a factory reset of the Kaspersky NGFW device using the system family of commands. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.

Kaspersky NGFW also has the following configuration types that are applied when you edit settings:

  1. The candidate configuration is the configuration of Kaspersky NGFW after the settings have been modified, but before the new settings are applied on the device. Any configuration changes are first saved in the candidate configuration and must be applied to the device.

    The candidate configuration is stored only in the RAM of the device. You can view, modify, import, export, and reset the candidate configuration. After being applied on the Kaspersky NGFW device, the candidate configuration is saved in the running configuration.

  2. The running configuration is the current configuration applied and functioning on the Kaspersky NGFW device.

    The running configuration is stored only in the RAM of the device and so is reset when the device is restarted. You can view, modify, import, and export the running configuration. If you want to the settings of the running configuration to be automatically applied at the next startup of the device, you need to save it as the startup configuration.

    After the device is powered on, the running configuration is the same as the startup configuration.

  3. The startup configuration is the configuration that is automatically applied after the Kaspersky NGFW device is powered on.

    The startup configuration is stored on the hard drive of the device. You can view, modify, import, and export the startup configuration. You can also reset the startup configuration to the default configuration using the config family of commands.

    The startup configuration can only be modified by way of the running configuration.

    When the Kaspersky NGFW device is powered on for the first time and before the first changes to the settings are applied, the startup configuration is identical to the default configuration.

Managing the configuration of Kaspersky NGFW on the command line

When using the command line, you must manually manage the Kaspersky NGFW configuration types to apply any changes made to the settings.

To apply the configuration of Kaspersky NGFW on the command line:

  1. Make the necessary changes to the Kaspersky NGFW settings.

    A candidate configuration is created with the new settings.

  2. Apply the new settings to the device:

    commit

    The candidate configuration is saved as the running configuration.

  3. If necessary, save the running configuration to have it applied automatically after the device is started:

    config save

    The running configuration is saved as the startup configuration.

Changes of Kaspersky NGFW settings are applied to the device. If you saved the changes in the startup configuration, the next time the device is powered on, these settings are applied automatically.

For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.

Page top