raphael_lage
New Member
May 8, 2018
Solved

Auto-script override


Hello guys. First of all, sorry for my bad English. In the FortiGate that we use in my company, I configured an automatic script so that a full backup of my FortiGate is made every day.

 

I am moving the .conf file to a server through TFTP, but the backup is overwritten. Is there a way to not overwrite it?

 

Each day I generate the new backup, create a new file and move it to the server? Example: Backup_20180508 - the first day, Backup_20180509 - the second day, and so on.

 

Thank you guys

    Best answer by Iescudero

    That is the last line; you must start from the first one:

     

    1) set DESTINATION=\\192.168.1.10\Backup Firewall

        A) Delete the spaces between words: set DESTINATION = \\ 192.168.1.10 \ Backup Firewall

        B) This creates an environment variable with the name DESTINATION which points to your file share.

        C) You can find more information about this on this site: https://ss64.com/nt/set.html

        D) Also check the folder Backup Firewall because you have a space between those two words.

        E) Try to create the file share and assign the letter D. I didn't try with 

     

    If this goes right, try next sentence and go on.


    Iescudero
    New Member
    May 16, 2018

    Hi there!

    you can do this with pscp

     

    1) Create a user with read-only privileges in the FortiGate, e.g. user: backup, password: 1234

    2) In a file share (e.g. D:\backup\), put PSCP.EXE and create a BAT file with this:

        rem Folder that receives the backups
        set DESTINATION=D:\backup
        rem Date stamp YYYYMMDD; assumes %date% is formatted dd/mm/yyyy
        set FECHA=%date:~6,4%%date:~3,2%%date:~0,2%
        set LOG=D:\backup\backup.log
        rem Copy the configuration to a dated file and append the pscp output to the log
        echo Y|pscp -P 22 -pw 1234 backup@192.168.0.1:sys_config %DESTINATION%\FORTIGATE%FECHA%.conf >> %LOG%

    192.168.0.1 is the IP of your FortiGate. In the BAT file the user and password are stored in clear text, so that's why a read-only user is necessary, but if you don't mind, you can use the admin user.

    3) Create a scheduled task in Windows to execute the BAT.

    In addition: just check that SCP is enabled in your FortiGate:

        config system global
        set admin-scp enable
        end

    And of course, you have to download pscp: http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

    Hope it helps!

    raphael_lage
    New Member
    May 17, 2018

    Thanks for the help lescudero.

     

    I followed the steps, but I did not succeed in generating the backup file.

     

    I downloaded PSCP.exe and placed the file inside a shared folder, which is on a backup server.

     

    Example: \\ 192.168.1.10 \ Backup Firewall

    I created the .BAT file with the following settings:

     

    set DESTINATION = \\ 192.168.1.10 \ Backup Firewall

    set DATE =% date: ~ 6.4 %% date: ~ 3,2 %% date: ~ 0,2%

    set LOG = \\ 192.168.1.10 \ Backup.log

    echo Y | pscp -P 22 -pw 1234 @ user_backup@192.168.1.1: sys_config% DESTINATION% FORTIGATE% DATE% .conf >>% LOG%

     

    I created a task in Windows to run the BAT every 1 minute to test and it is not generating any backup files.

     

    Note: I checked in my FortiGate and SCP is enabled. The user_backup only has read permission on my FortiGate and I created it as a local user, is that correct?

     

    Thanks again.

    Iescudero
    New Member
    May 17, 2018

    Hi there! you're welcome!

    The user_backup must be an administrator user with read-only permissions.

    Also you can do two things:

     

    1) Execute the BAT manually and check if the configuration file is created.

    2) Open Backup.log with Notepad and check if you can see any issue.
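
A hardened variant of the backup script discussed in this thread, as an added example that is not code from either poster: PowerShell instead of BAT, with a locale-independent date stamp, a quoted share path so the space in "Backup Firewall" is harmless, a pinned host key with `-batch` in place of `echo Y|`, and key authentication in place of `-pw`. The key file path and host key fingerprint are placeholders, and it assumes the read-only administrator has an SSH public key registered on the FortiGate.

```powershell
# Added example. Addresses and names come from the thread; key path and fingerprint are placeholders.
$Destination = '\\192.168.1.10\Backup Firewall'    # share from the thread (space is fine when passed as one argument)
$Firewall    = '192.168.1.1'                        # FortiGate address used in the thread
$User        = 'user_backup'                        # read-only administrator, as the thread advises
$KeyFile     = 'C:\Secure\user_backup.ppk'          # hypothetical private key, readable only by the task account
$HostKey     = 'SHA256:REPLACE_WITH_FORTIGATE_HOST_KEY_FINGERPRINT'   # placeholder, taken from the device once

$Stamp  = Get-Date -Format 'yyyyMMdd'               # does not depend on the regional %date% layout
$Target = Join-Path $Destination "FORTIGATE$Stamp.conf"
$Log    = Join-Path $Destination 'backup.log'

function Write-Log([string]$Message) {
    # One timestamped line per event, appended to the shared log
    Add-Content -LiteralPath $Log -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

# Never overwrite an existing backup for the same day
if (Test-Path -LiteralPath $Target) {
    Write-Log "SKIP $Target already exists"
    exit 0
}

# -batch: no interactive prompts; -hostkey: connect only if the device presents the pinned key;
# -scp: force the SCP protocol; -i: key file instead of a clear-text password on the command line
$output = & pscp.exe -batch -scp -P 22 -i $KeyFile -hostkey $HostKey `
    "$User@${Firewall}:sys_config" $Target 2>&1

# Treat a non-zero exit code, a missing file or an empty file as a failed backup
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $Target) -or
    (Get-Item -LiteralPath $Target).Length -eq 0) {
    Remove-Item -LiteralPath $Target -ErrorAction SilentlyContinue
    Write-Log "FAIL exit=$LASTEXITCODE $output"
    exit 1
}

# Record a hash so later tampering with the stored configuration can be detected
$hash = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
Write-Log "OK $Target sha256=$hash"
```

Run it from the scheduled task under an account that has write access to the share and read access to the key file.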