Skip to main content
ssaykal
Staff
ssaykal
Staff
September 28, 2022

Technical Tip: How to get a backup config file on FortiGate by using a python script from a non-management VDOM

  • September 28, 2022
  • 0 replies
  • 5979 views
Description

This article describes how to get a backup config file on FortiGate by using a Python script from non-mgmt VDOM.
Scope

FortiGate v7.0.x.
Solution
  1. Create an Admin Profile for REST API Admin in FortiGate under System -> Admin Profiles -> Create New.
  2. Select permissions for the REST API Admin profile. Admin read/write access is required.

 

ssaykal_0-1664377511370.png

 

  1. Create a REST API Admin in FortiGate under System -> Administrators -> Create New -> REST API Admin to provide access rights for API requests.

 

ssaykal_1-1664377542552.png

 

  1. Enter a Username and select Administrator Profile and Virtual Domains.

 

ssaykal_2-1664377581761.png

 

  1.   Save the API key that is generated immediately after selecting the 'Save' button as in the screenshot below:

 

ssaykal_3-1664373982071.png

 

so far there is a way to configure a generic API user with read/write rights but in order to be able to make a backup via API of the FortiGate unit the API admin must be set with super_admin rights, and CLI has to be used:

 

config system api-user
    edit "API_user"
        set api-key ENC blahblah
        set accprofile "super_admin"
        set vdom "root"
    next
end

 

  1.  Create a new Python file.
  2. Add the following Python script to that file and save it.

 

NOTE:

Do not forget to modify the IP address, token, and file directory.

 

import os

import sys

import requests

import json

 

def Api():

 

main_url = "https://10.109.17.34/"   # Edit IP address

    client = requests.session()

    client.verify = False

 

    token = "aaaabbbcccc…."

 

url_new = (main_url + "api/v2/monitor/system/config/backup?scope=vdom&vdom=TEST&access_token="+token)    resp = client.get(url_new)

 

file= open(r'C:\Users\Desktop\config-file.txt' ,'w') # please edit file directory

    for line in resp.text:

            file.write(line)

   

Api()

 

Main_url is the IP address of the Fortigate

                Scope = Vdom

                Vdom = Vdom name ( Vdom which PC connected and sent the request)

                Token = Token that is generated in step 5

 

Execute the Python script. It will create a file named 'config-file.txt ' in the specified directory with the configuration of the FortiGate inside.
Terms & ConditionsAccessibility statement