
FDM- Clear Events and Audit Log before installation onsite

Devinder Sharma
Level 1

Hello Everyone,

 

I have staged FTD firewalls in the lab and, before installation onsite, I would like to clear all the clutter for the events and audit log when installation is completed. I could do this in FMC, but not using FDM.

Under expert mode shell, I can browse the file system and get to /var/log, but don't know exactly where these events and audit logs are stored. Of course I tried going into system support diagnostic-cli and doing clear logging buffer, but it will of course not clear sfr related events.

Can someone please advise the path to these logs so that I can remove the clutter?

Thanks

 

 

7 Replies

balaji.bandi
Hall of Fame

Personally, I would not advise touching any log at command level (until TAC recommends doing so).

 

I take 2 options - manually delete from GUI

or take backup config, reset to factory and restore a backup and send to a remote location.

 

BB


Thank you so much for your help and advice.

 

How do you manually delete all clutter from the GUI in FDM? That is what I have been trying to find. In FMC, there was an option to delete from the GUI.

 

And when we take a backup of FTD, will it not include everything, including events / audit logs and even AnyConnect packages etc.? And then a restore will bring all those back in. There is an option under Device Administration to download a copy of the config in JSON format, but I have not found an option to upload a configuration file.

 

The config file will only include the configs of the device, it won't include images or logs as far as I know.

If the plan would be to factory default the firewall and then to restore the configs, then you need to consider that the IP address of the management interface needs to be manually configured, as the backup won't include it.

To restore a config backup file on the FDM, you need to go to the same place where you generate the config backup file. From that screen you should see the config backup file, next to it you should have an icon to restore the configs from the same file.

However, if you chose to delete the config backup file from the local FDM disk then on the same screen you should have an Upload button that you can use to upload the config backup file to be used to restore the config.

Thanks again. I believe we are talking about the same thing, but using slightly different text :).

 

By backup and restore functionality, my understanding is that the backup file is not just a file, it is a complete set of everything, and then yes, there is a restore option. There is a separate option under device administration to download a config file (not a backup file), and that config file is JSON and will then be just the configuration, and if I restore that config file on a factory reset box, yes, I will expect the logs to be gone. But I don't find any option to restore from a config file. I can restore from a backup bundle file.

You're welcome! I'm referring to the file that will be generated in the Backup and Restore section :), apologies but I don't have access to an FDM right now to send a screenshot. In that Backup and Restore section you can back up the device config, download the backup file (bundle or whatever we want to call it), which I believe will be in .gz format, delete the file, or restore it. If you did not remove it from the FDM, you can click the restore button next to it and that would be enough for you to restore. However, say you downloaded that backup to your local computer, and you factory defaulted the FTD or you removed the backup from the FDM, and now you want to restore the FTD configs from that backup, then in this case you need to upload it from the Backup and Restore section and finally initiate the restore process.

Thank you so much Aref. I need to confirm that backup here will be without the events and logs and then restore from it, will work even without having to do factory reset. Just take a backup and then do a restore from it. The licensing and management port address (which is default for me anyway), I had read, stays the same. But in that case why is this separate section to do configuration download?

You would assume that Cisco will provide the simple option of deleting all the logs when we cut over at a customer site. I will open a case with TAC and have them tell me exactly what to do through the Linux shell to erase the logs. Then all I need to do is something like >/var/log/xyz to empty the log directory holding the events and audit log.

I will post the solution here.

 

Unfortunately, no solution was available from Cisco support for this very simple and required feature. The support engineer, though, was convinced, and he has requested this feature enhancement, if this will get added to FDM in the near future.

 

CSCwa96222 : Connection event and audit log purging
