There are two ways to save a copy of your firewall.  The first is to save a copy of the configuration’s XML file.  This file contains the policies and settings on the device, but is not considered a true backup.  Creating backup files is much like creating a snapshot of the firewall, as it includes the configuration, certificates, feature key, and passwords.  

WatchGuard’s process for restoring a backup has changed in the last few years, making rolling back a simpler process.  Being able to restore a backup is important if you are running into an issue potentially related to a firmware upgrade.  The reason for this is that rolling back to a previous version of firmware will factory reset the device if there is no restore file available.

It is important to understand that, if restoring a backup, your policies will revert to their state at the time of backup.  This may mean that you will need to reload a newer configuration file to put policies back the way they were at the last save.

Creating a Backup

Creating a backup is a vital part of the firmware upgrade process.  It is also recommended to take a backup if you are going to be making any significant changes to your firewall’s configuration as an added level of precaution. 

The new process is for backups to get stored directly on the firebox.  The device is supposed to automatically perform this before an upgrade, however it’s always a good idea to take a backup manually as well.

To Create a Backup through Policy Manager:

1. Select File > Backup and Restore

2. Log in with admin credentials

3. Click Create, and a backup file will be generated and stored on the device

To Create a Backup through Web UI:

1. Log in with admin credentials

2. Select System > Backup and Restore Image

3. Click the lock icon to unlock the device

4. Click Create Backup Image

Downgrading Firmware and Restoring a Backup

If you need to downgrade your firmware, it is best to restore a backup file during the process.  Otherwise, the firewall will revert to factory-default settings.

To Downgrade and Restore through Policy Manager:

1. Download the version of firmware you want to roll back to from the WatchGuard website, and make sure to install it on your computer

2. Select File > Upgrade

3. Log in with admin credentials

4. Select the firmware version you want to downgrade to

5. If prompted to upgrade, select Yes

6. Select the backup file to restore back to

NOTE: You can only restore to a backup file running the same firmware version you are downgrading to

7. The downgrade will complete, and the backup will be restored.  The firewall will reboot as part of this process.

To Downgrade and Restore through Web UI:

1. Download the Web UI version of firmware you want to roll back to from the WatchGuard website, and make sure to unzip it on your computer

2. Select System > Upgrade OS

3. Select the option to import an upgrade file, and load the firmware file previously downloaded and unzipped

4. Select Yes when prompted to complete the downgrade

5. Select the backup file to restore to

6. Select Yes when prompted to reboot

7. The downgrade will complete, and the backup will be restored.  The firewall will reboot as part of this process.