IPSO Configuration Sets

IPSO configuration sets allow you to change (or save) your systems complete current configuration. Allowing you to choose the required configuration (set) of your firewall with a few simple commands. This is useful for importing in configurations from other devices rather then setting up a box from scratch.

Configuration Set directory

The active configuration file is soft linked to the configuration file within /config/db/

ipso[admin]# ls -l /config/
total 8
drwxrwxr-x  2 root  operator  512 May  9 20:09 .snap
-rw-------  2 root  wheel      14 Jul  1 21:31 .sslpp
lrwxr-xr-x  1 root  wheel      28 Sep 26 20:02 active -> /config/db/Production_Config
drwxr-xr-x  2 root  wheel     512 Sep 26 20:02 db

Show Configuration Sets

To see which configuration sets you have available use the command,

ipso[admin]# clish -c "show cfgfiles"

Load an Configuration Set

To use another config file, place the file within /config/db/ and use the following command,

ipso[admin]# clish -s -c "load cfgfile [filename]"

Save a configuration to a configuration set

To save your current configuration to a  configuration set run the following commands. The newly created configuration set will now become active.

ipso[admin]# clish -s -c "save cfgfile [name]"

Additional Notes

  1. When copying configuration sets from device to device, the account passwords will be that of the device you copied the configuration file from.
  2. Once you have copied a configuration file from another box you will find that the /etc/hosts file has the wrong host name. Use the  `add/delete host name` clish command to resolve this.

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001