Meraki MX backup before configuration changes

ismailsh
Conversationalist

We have a policy to take a backup of our configuration before we make any changes.  We do this for any of our Cisco routers or switches or firewalls.

We would like to do the same when we make changes to our Meraki MX devices also.  Before making any changes to the firewall rules or any configuration, we would like to have a config backup.  Please can anyone let me know how we can achieve this?  I don't see the option anywhere.

GIdenJoe
Kind of a big deal

That is because you don't have a simple button to do this.
You will need to use the REST API for this.

Find out what API endpoints you need and then create a script to get the current config and a sort of rollback script that can reapply your previous settings.

This is not a walk in the park and will require some programming skills.

However, having a simple visual backup is easier, since if you can read JSON you can quite easily get the current configs through Postman.

ismailsh
Conversationalist

Thank you very much for the reply.

Isn't backup and restore a basic functionality that all products have?  Any product, whether from Cisco or any other vendor, has a backup feature so if someone makes a mistake, they can restore the config.

mlefebvre
Building a reputation

For devices that store config locally and could lose their configuration, yes. With Meraki all of your config is in the cloud and continuously pushed to the device, so there is not as much need since even if you were to factory reset the device, as soon as it comes online it will download and take its config. Make sure to document what you are doing in your change window well and have the backout procedure to reverse it correctly.

GIdenJoe
Kind of a big deal

True, the configuration is on the cloud and you can factory default your device; it will regain its previously running config from the cloud.

But as you stated, you want a personal backup. Even if this is just for keeping locally, or if it is for rolling back changes you're not satisfied with, it's not as simple as getting a config file like you have on a locally managed device.  You can get the config, but through API calls.  And it's not one config file, it is multiple JSON constructs.
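
The API-based backup described in the reply above, as an added example that is not part of the thread and not taken from Meraki's automation-scripts repository: it pulls several MX settings as separate JSON documents, stores them in one file, and reports which sections differ between two snapshots. The environment variable names, the output file name and the selection of endpoints are assumptions, and restore is not covered.

```python
import hashlib, json, os, urllib.request

BASE = "https://api.meraki.com/api/v1"
# Read-only Dashboard API v1 paths for common MX settings; extend as needed.
MX_ENDPOINTS = {
    "l3FirewallRules": "/networks/{net}/appliance/firewall/l3FirewallRules",
    "oneToOneNatRules": "/networks/{net}/appliance/firewall/oneToOneNatRules",
    "portForwardingRules": "/networks/{net}/appliance/firewall/portForwardingRules",
    "vlans": "/networks/{net}/appliance/vlans",
}

def http_get(path, api_key):
    """GET one Dashboard API path and return the parsed JSON body."""
    req = urllib.request.Request(BASE + path, headers={
        "Authorization": f"Bearer {api_key}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def snapshot(net_id, fetch):
    """Collect every section for one network; fetch(path) returns parsed JSON."""
    sections = {}
    for name, tmpl in MX_ENDPOINTS.items():
        try:
            sections[name] = fetch(tmpl.format(net=net_id))
        except Exception as exc:
            # Record the failure instead of silently writing a partial backup.
            sections[name] = {"_error": str(exc)}
    digest = hashlib.sha256(json.dumps(sections, sort_keys=True).encode()).hexdigest()
    return {"networkId": net_id, "sha256": digest, "sections": sections}

def changed_sections(before, after):
    """Names of sections that differ between two snapshots (pre/post change)."""
    return sorted(k for k in MX_ENDPOINTS
                  if before["sections"].get(k) != after["sections"].get(k))

def save(snap, path):
    """Write the snapshot owner-readable only: it holds the full rule set."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(snap, fh, indent=2, sort_keys=True)

if __name__ == "__main__":
    # Assumed variable names; keep the API key out of the script and shell history.
    key, net = os.environ["MERAKI_API_KEY"], os.environ["MERAKI_NETWORK_ID"]
    save(snapshot(net, lambda p: http_get(p, key)), f"mx-backup-{net}.json")
```

Taking one snapshot before the change window and one after, then calling `changed_sections`, gives a record of what the change actually touched.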

PhilipDAth
Kind of a big deal

Not a concept that Meraki has.

If you make a change that results in a loss of access, Meraki will automatically roll it back.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Conne...

You can consult the change log to roll back.

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

You can duplicate a network prior to making a change so you have an identical copy.

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Cloning_Networks_...

You can use Meraki provided backup/restore scripts.

https://github.com/meraki/automation-scripts/tree/master/backup_configs

I know it is commonplace in Cisco Enterprise land to do this, but I don't have any customers who have transitioned across to Meraki who keep this concept anymore.  With the automatic roll back and documented change log - what is there left to protect against?

RonNorth
New here

We just had a vendor that was adding more Z3s to our environment that accidentally selected our main network when adding to our template config for our Z3s, which wiped out the entire config on the MX for that network.  We lost all of our firewall rules, NATs, VLANs, everything!  And since it was a config change, we had to rebuild all of this manually.

It would have been really nice to have a backup to restore from instead of having to rebuild everything in the middle of the work day.  The solution I came up with is to just create a template from each branch that I can update on a schedule so if this type of thing happens again I would be able to just apply the network to the correct template, let it apply the config from that template.  Then once it is back up and everything is good, I will remove the branch from the template and retain the config.

I hope this works, as I have not put this into practice yet but am working on it currently.
