Discarding configuration changes for a Juniper SRX router/firewall

If you've been entering configuration changes on a Juniper Networks SRX router/firewall, which runs the Juniper Network Operating System (Junos OS), but haven't committed those changes to make them active, you can discard them using the command rollback 0, which will replace the "candidate config", i.e., the one you've been editing, with the active configuration, which is also the boot configuration.
root@Alder# rollback 0
load complete

[edit]
root@Alder#

The device can store multiple prior configurations, and you can revert to one of those instead using rollback n, where n is the number of the prior configuration. You can also roll back to a saved "rescue" configuration with rollback rescue. You can see a list of the stored configurations to which you can revert using the command rollback ?.


root@Alder# rollback ?
Possible completions:
  <[Enter]>            Execute this command
  0                    2017-03-01 19:46:11 EST by root via junoscript
  1                    2017-03-01 19:32:55 EST by root via cli
  2                    2017-03-01 16:15:17 EST by root via junoscript
  3                    2017-01-23 20:04:20 EST by root via junoscript
  4                    2017-01-22 17:30:50 EST by root via cli
  5                    2017-01-22 17:17:53 EST by root via cli
  rescue               2017-03-01 17:46:52 EST by root via junoscript
  |                    Pipe through a command
[edit]
root@Alder#

The ones that include "via cli" in the description are for configuration changes I made through the command line interface (CLI) whereas others were done through the web-based management interface.
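The listing above can also be audited offline. The following Python sketch is an added example, not part of the original post: it parses the `rollback ?` completions into records, groups the slots by commit interface, and reports which numbered slots were committed after the rescue configuration was saved. The function names are hypothetical and the sample text is copied from the listing above.

```python
import re
from datetime import datetime

# Constructed sample: the `rollback ?` completions shown above.
SAMPLE = """\
Possible completions:
  <[Enter]>            Execute this command
  0                    2017-03-01 19:46:11 EST by root via junoscript
  1                    2017-03-01 19:32:55 EST by root via cli
  2                    2017-03-01 16:15:17 EST by root via junoscript
  3                    2017-01-23 20:04:20 EST by root via junoscript
  4                    2017-01-22 17:30:50 EST by root via cli
  5                    2017-01-22 17:17:53 EST by root via cli
  rescue               2017-03-01 17:46:52 EST by root via junoscript
  |                    Pipe through a command
"""

ENTRY = re.compile(
    r"^\s*(?P<slot>\d+|rescue)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"by (?P<user>\S+) via (?P<method>\S+)\s*$"
)

def parse_rollback_list(text):
    """Return one dict per stored configuration; help lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            entries.append(e)
    return entries

def commits_since_rescue(entries):
    """Numbered slots committed after the rescue configuration was saved."""
    # Assumption: all timestamps use the device's single time zone.
    rescue = next((e for e in entries if e["slot"] == "rescue"), None)
    if rescue is None:
        return None  # no rescue configuration stored
    return [e["slot"] for e in entries
            if e["slot"] != "rescue" and e["ts"] > rescue["ts"]]

def by_method(entries):
    """Group slot names by the interface used for the commit."""
    groups = {}
    for e in entries:
        groups.setdefault(e["method"], []).append(e["slot"])
    return groups
```

A non-empty result from `commits_since_rescue` means the rescue configuration predates the active one, so rollback rescue would discard those later commits.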

If I want to see the differences between the active configuration and a specific rollback configuration, I can do so using a command like the one shown below:

root@Alder# show configuration | compare rollback 1
[edit security policies from-zone untrust to-zone trust policy Speleologist_SSH then]
+       count;

[edit]
root@Alder#

I can see from the above output that there is only one policy change. The statement marked with "+" is in the current configuration, but not in the rollback 1 configuration. I can revert to a rollback configuration, e.g., rollback 1, and then use the commit command.

root@Alder# rollback 1
load complete

[edit]
root@Alder# commit
commit complete

[edit]
root@Alder#

I can then see that the "rollback 0" configuration previously labeled "2017-03-01 19:46:11 EST by root via junoscript" has now been moved down to "rollback 1":

root@Alder# rollback ?
Possible completions:
  <[Enter]>            Execute this command
  0                    2017-03-01 21:35:40 EST by root via cli
  1                    2017-03-01 19:46:11 EST by root via junoscript
  2                    2017-03-01 19:32:55 EST by root via cli
  3                    2017-03-01 16:15:17 EST by root via junoscript
  4                    2017-01-23 20:04:20 EST by root via junoscript
  5                    2017-01-22 17:30:50 EST by root via cli
  rescue               2017-03-01 17:46:52 EST by root via junoscript
  |                    Pipe through a command
[edit]
root@Alder#

You can view a previously committed rollback configuration from operational mode, i.e., where you see the ">" prompt rather than the "#" prompt, using the command show system rollback number, where number is the rollback configuration to view. If you are in configuration mode, where you see the "#" prompt, you can get back to operational mode by typing exit. E.g.:

root@Alder# exit
Exiting configuration mode

root@Alder> show system rollback 1
## Last changed: 2017-03-01 19:45:41 EST
version 11.4R5.5;
system {
    host-name Alder;
    time-zone America/New_York;
    root-authentication {
        encrypted-password "$1$Sz5LLcL9$rGBVEVAgq1FsCxP3g/oJL/"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface [ vlan.0 vlan.4 ];
            }
            https {
                system-generated-certificate;
                interface [ vlan.0 vlan.4 ];
            }
        }
        dhcp {
            router {
                192.168.0.1;
            }
<text snipped>
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {

root@Alder>

You can compare two rollback configurations in operational mode using the command show system rollback number compare other_number, where number and other_number are two rollback configuration numbers.

root@Alder> show system rollback 1 compare 0
[edit security policies from-zone untrust to-zone trust policy Speleologist_SSH then]
+       count;

root@Alder>
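
The output of show configuration | compare rollback n and show system rollback n compare m uses the same layout: an [edit ...] hierarchy header followed by "+" and "-" statements. The following Python sketch is an added example, not part of the original post: it turns a captured compare session into structured changes and picks out those under hierarchies a reviewer would want to check before a commit or rollback. The function names and the SENSITIVE list are assumptions, and the "- telnet;" hunk is a constructed addition to the session shown earlier.

```python
import re

# Constructed sample: the compare session shown above, with one hypothetical
# "-" hunk added to exercise removals.
SAMPLE = """\
root@Alder# show configuration | compare rollback 1
[edit security policies from-zone untrust to-zone trust policy Speleologist_SSH then]
+       count;
[edit system services]
-       telnet;

[edit]
root@Alder#
"""

HEADER = re.compile(r"^\[edit(?: (?P<path>.+))?\]$")
# Assumed review list: hierarchies whose changes get a second look.
SENSITIVE = ("security policies", "system services", "system login")

def parse_compare(text):
    """Return (hierarchy_path, '+' or '-', statement) for each changed line."""
    changes, path = [], ""
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            # A bare "[edit]" is the prompt banner, not a hunk header.
            path = header.group("path") or ""
        elif line[:1] in ("+", "-") and line[1:].strip():
            changes.append((path, line[0], line[1:].strip()))
    return changes

def needs_review(changes, prefixes=SENSITIVE):
    """Changes whose hierarchy equals or sits below a sensitive prefix."""
    return [c for c in changes
            if any(c[0] == p or c[0].startswith(p + " ") for p in prefixes)]
```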