Technical Tip: Encrypted Scheduled Automatic configuration backup

Description

This article describes how to indicate the date in the file name in relation to FortiGate's automatic backup.

Scope

FortiGate v7.0, v7.2, v7.4, 7.6.

Solution

Configure the automation trigger:

config system automation-trigger
    edit "backup"
        set trigger-type scheduled
        set trigger-hour 06
        set trigger-minute 00
    next
end

Configure automation-action.
Settings to perform backup using 'script’:

config system automation-action
    edit "encrypt_backup"
        set action-type cli-script
        set script "execute backup config sftp FGT_backup.conf 10.0.3.225 my-ftp-user userpasword encryptpassword"
        set accprofile "super_admin"
    next
end

 Syntax for FTP server. Use it in an automation-action script:

execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<encrypt_password>]

Note: [<backup_password>] is used for encrypting the config file, and it is an optional parameter in the syntax.

 Syntax for TFTP server. Use it in an automation-action script:

execute backup config tftp <encrypt_filename> <tftp_servers> [<backup_password>]

Note: [<backup_password>] is used for encrypting the config file, and it is an optional parameter in the syntax.

Syntax for SFTP server. Use it in an automation-action script:

execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<encrypt_password>

Note: In the syntax, [<backup_password>] is used for encrypting the config file, and it is an optional parameter in the syntax.

Configure automation-stitch:

config system automation-stitch
    edit "encrypt_backup_test"
        set status enable
        set trigger "backup"
            config actions
                edit 1
                    set action "encrypt_backup"
                    set required enable
                next
            end
    next
end