robsonlupo
New Member
March 24, 2017
Solved

Automated Full-config backups


We would like to be able to schedule automated full-config backups to be offloaded to an FTP server. I do not want to use FortiManager. Is there any other way?


    2 replies

    NeilG
    New Member
    March 25, 2017

    You can back up to your free FortiCloud account if you use that - although right now you have to run the backup from an external source or run it manually (having the FortiGate itself run the backup is not working).

    The auto-script in 5.4 seems to be not fully baked and we have been told to wait for 5.6.

     

    However, if you are running a script from a Linux box through SSH then just look at the correct syntax based on your CLI version:

    http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-best-practices-54/Firmware/Performing_Config_Backup.htm

     

     

    … or for FTP (note that port number, username are optional depending on the FTP site)…

    execute backup config ftp <backup_filename> <ftp_server> [<port>] [<user_name>] [<password>]

     

    … or for TFTP …

    execute backup config tftp <backup_filename> <tftp_servers> <password>

     

    Is that the info you were looking for?

     

    -N

    TuncayBAS
    Explorer
    March 25, 2017

    I have prepared an application that I think will help you after a long visit. At the moment we are doing manual backups. Schedulable backups will be added in the future. You enter FortiGate access information for all the customers you have checked in the program. The entered information is kept encrypted in the file. If you want, you can get all the devices at the same time or only one device.

     

    Language : TR and ENG

    http://www.tuncaybas.com/...a-cihazdan-yedek-alma/

    Iescudero
    Best answer
    New Member
    March 27, 2017

    Hello!

    I have automatic Backup with a few simple steps:

     

    1) Create a user with read-only privilege in the FortiGate. i.e.: user backup, password: 1234

    2) In a File Share (i.e.: D:\backup\), put PSCP.EXE and create a BAT file with this:

    rem Backup folder, date stamp (assumes %date% is in dd/mm/yyyy format) and log file
    set DESTINATION=D:\backup
    set FECHA=%date:~6,4%%date:~3,2%%date:~0,2%
    set LOG=D:\backup\backup.log

    rem "echo Y" answers the pscp host-key prompt; -pw passes the password in clear text
    echo Y|pscp -P 22 -pw 1234 backup@192.168.0.1:sys_config %DESTINATION%\FORTIGATE%FECHA%.conf >> %LOG%

     

    192.168.0.1 is the IP of your FortiGate.

    In the BAT file the user and password are stored in clear text, which is why a read-only user is necessary, but if you don't mind, you can use the admin user.

    3) Create a scheduled task in Windows to execute the BAT file.

     

    In addition:

    Just check that SCP is enabled in your FortiGate:

    config system global
        set admin-scp enable
    end

    and of course, you have to download pscp:

    http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

     

    Hope it helps!
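
A hardened variant of the BAT file in the answer above, as an added PowerShell example that is not part of the original post: it pins the FortiGate's SSH host key instead of piping `Y` into pscp, and uses a key file instead of `-pw`. It assumes the `backup` admin has an SSH public key configured on the FortiGate; the key path, the fingerprint placeholder and the retention period are hypothetical.

```powershell
# Added example, not from the thread. Paths, key file, fingerprint and retention are assumptions.
$Pscp        = 'D:\backup\pscp.exe'
$Destination = 'D:\backup'
$LogFile     = Join-Path $Destination 'backup.log'
$FortiGate   = '192.168.0.1'                 # FortiGate IP used in the answer
$User        = 'backup'                      # read-only admin from step 1
$KeyFile     = 'D:\backup\keys\backup.ppk'   # hypothetical key path; restrict its NTFS ACL
$HostKey     = '<FORTIGATE-SSH-HOST-KEY-FINGERPRINT>'   # placeholder; verify it out of band
$KeepDays    = 30                            # hypothetical retention period

# Date stamp that does not depend on the regional %date% format
$stamp  = Get-Date -Format 'yyyyMMdd'
$target = Join-Path $Destination "FORTIGATE$stamp.conf"

# -batch: never prompt; -hostkey: reject any host key other than the pinned one;
# -i: key-based login, so no password is stored in the script
& $Pscp -batch -P 22 -hostkey $HostKey -i $KeyFile "$User@${FortiGate}:sys_config" $target 2>&1 |
    ForEach-Object { "$_" } | Add-Content -Path $LogFile
$exit = $LASTEXITCODE

# Treat a non-zero exit code, a missing file or an empty file as a failed backup
if ($exit -ne 0 -or -not (Test-Path $target) -or (Get-Item $target).Length -eq 0) {
    Add-Content -Path $LogFile -Value "$(Get-Date -Format s) FAILED exit=$exit target=$target"
    if (Test-Path $target) { Remove-Item $target }
    exit 1
}

# Record a SHA-256 so later tampering or truncation of the stored file can be detected
$hash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
Add-Content -Path $LogFile -Value "$(Get-Date -Format s) OK $target sha256=$hash"

# Prune backups older than the retention period
Get-ChildItem -Path $Destination -Filter 'FORTIGATE*.conf' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) } |
    Remove-Item
```

The scheduled task from step 3 can run this script in place of the BAT file; a non-zero exit code then shows up as a failed task run.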

    Eduardo_Ramirez
    New Member
    April 6, 2017

    Looking to do the same, but I can't even make a backup to FTP now ... look at my error

     

    syd-proxy-fw1a (global) # execute backup full-config tftp backup.txt 10.159.240.231
    Please wait...
    Connect to tftp server 10.159.240.231 ...
    Transfer timed out.
    Send config file to tftp server via vdom root failed.
    Command fail. Return code -1

     

     

    TuncayBAS
    Explorer
    April 7, 2017

    I write my own programs for Fortigate.

    Rathje
    New Member
    January 5, 2018

    TuncayBAS

     

    Any update on your fantastic program?

    I've downloaded the latest version from your homepage (English ver.), but I am unable to start the program on my Win10 x64 system. From the Task Manager I can see the program starts for a few sec. and then disappears again.

    Any help would be greatly appreciated.

     

    Thanks in advance.

     

    /Rathje