ilucas
New Member
November 17, 2014
Solved

Automated Full-config backups


We would like to be able to schedule automated full-config backups to be offloaded to an FTP server. I know the FortiManager has backup capabilities of configs for its registered devices but we do not really need a full central management system (though it would be nice).

I'm wondering if anyone has used other solutions/workarounds to make this happen. I believe FortiMail or FortiWeb devices have a scheduled backup that can be run, but not FortiGate.

 

Thank you,

 

Ian


    5 replies

    Dave_Hall (Answer)
    New Member
    November 17, 2014

    See emnoc's post about scp or search link at the top of this page.

    TechnoR05
    New Member
    November 17, 2014

    Hello,

     

    We use putty run from the tftp server.

    It's not the best security, also it is TFTP and all plain-text, but we have a task scheduled that does a backup every day of each vdom and also a full backup.

    It's something like this :

    the task runs a .bat file calling putty and login info :

    C:\Putty.exe -ssh <Fortigate IP> -l <UserLoginName> -pw <UserPassword> -m C:\BackupGlobal.txt

    And the txt files are similar to :

    config global
    exe backup config tftp <Filename> <ServerIP>
    end
    exit

    - -

    Does what we need, you could probably build from there.

     

    Regards

    ilucas (Author)
    New Member
    November 17, 2014

    Thanks! Likely, I would make a read-only account for this and allow as little as possible. I will also see about using the SCP option or a secured FTP option rather than TFTP, but this is helpful.

     

     

    TechnoR05 wrote:

    Hello,

     

    We use putty run from the tftp server.

    It's not the best security, also it is TFTP and all plain-text, but we have a task scheduled that does a backup every day of each vdom and also a full backup.

    It's something like this :

    the task runs a .bat file calling putty and login info :

    C:\Putty.exe -ssh <Fortigate IP> -l <UserLoginName> -pw <UserPassword> -m C:\BackupGlobal.txt

    And the txt files are similar to :

    config global
    exe backup config tftp <Filename> <ServerIP>
    end
    exit

    - -

    Does what we need, you could probably build from there.

     

    Regards

    adikad
    New Member
    January 27, 2016

    With the new FortiOS 5.4 you can now have a scheduled auto config backup!

    config system auto-script
        edit "backup"
            set interval (secs)
            set repeat ()
            set start auto
            set script "execute backup config tftp config.txt x.x.x.x"
        next
    end

    cheers


    ytlpsnet
    New Member
    August 29, 2016

    Use a Linux server, then configure a script to schedule the backup as below:

     

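    #!/bin/bash
    # Linux/UNIX
    SERVERS="your_fortigate_ip_address"
    # SSH user name
    USR="your_fortigate_username"
    # Named PASS rather than PWD: PWD is the shell's working-directory variable and is exported to child processes
    PASS="your_fortigate_password"
    timestamp=$(date +"%y-%m-%d")
    # Connect to each host (space-separated list in SERVERS)
    for host in $SERVERS
    do
        # StrictHostKeyChecking=no accepts the FortiGate's host key without verifying it
        sshpass -p "$PASS" scp -oStrictHostKeyChecking=no "$USR@$host":sys_config /home/backup-fortigate-config/"$timestamp"_"$host".conf
    done
    echo 'Backup Completed!'
    exit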

    make sure you have config crontab for this script to backup in schedule, like every 2 days or 1 week...

    teamradon
    New Member
    May 1, 2017

    As a note to those thinking of using SCP and a read-only user.  

     

    I had this working and then when the time came to restore, the restore went fine except I could not login with an admin account!

    If the SCP backup is taken with a read-only account, it does not get the config for your super user account(s). Yes I double checked that my read-only account has access to EVERYTHING. I did call support and they confirmed. I personally feel this is a huge flaw but.......

    I have confirmed that if I connect and take the backup using SCP and using credentials for a super user that all user information is included. 

    Thankfully I had a full backup that existed for this router and I was able to copy the necessary user info to the backup file and then restore.
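The failure teamradon describes can be caught at backup time instead of at restore time. The following is an added example, not code from any post in this thread: it checks that a backup file contains at least one administrator with the `super_admin` profile. It assumes the plain-text FortiOS layout (`config system admin`, `set accprofile "super_admin"`); the function names, the sample files and the `backup-ro` / `read_only` account are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): reject a FortiGate backup that lacks
# a super_admin account. Assumes plain-text FortiOS config syntax.

# Print the names of admins under "config system admin" with super_admin profile.
list_super_admins() {
    awk '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        !in_admin && $1 == "config" && $2 == "system" && $3 == "admin" && NF == 3 {
            in_admin = 1; depth = 1; next }
        !in_admin       { next }
        $1 == "config"  { depth++; next }          # nested block inside an entry
        $1 == "end"     { if (--depth == 0) in_admin = 0; next }
        depth == 1 && $1 == "edit" { name = $2; gsub(/"/, "", name) }
        depth == 1 && $1 == "set" && $2 == "accprofile" && $3 == "\"super_admin\"" {
            print name }
    ' "$1"
}

# Return 0 only if the file is non-empty and holds at least one super_admin.
check_backup() {
    local file=$1 admins
    [ -s "$file" ] || { echo "FAIL: $file is missing or empty"; return 1; }
    admins=$(list_super_admins "$file")
    [ -n "$admins" ] || { echo "FAIL: $file has no super_admin account"; return 2; }
    echo "OK: $file has super_admin account(s): $(echo $admins)"
}

# Constructed sample backups (not taken from a real device).
demo_dir=$(mktemp -d)
cat > "$demo_dir/full.conf" <<'EOF'
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "backup-ro"
        set accprofile "read_only"
    next
end
EOF
printf 'config system admin\n    edit "backup-ro"\n        set accprofile "read_only"\n    next\nend\n' > "$demo_dir/readonly.conf"

check_backup "$demo_dir/full.conf" || true
check_backup "$demo_dir/readonly.conf" || true
```

Run `check_backup` from the scheduled job right after the copy completes and alert on a non-zero exit status.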

    lscunha
    New Member
    September 3, 2018

    Followed this tutorial http://kb.fortinet.com/kb....do?externalID=FD39818

    And got the same error,

     

    Send config file to ftp server via vdom root failed. Command fail. Return code 5

    Has someone fixed it?

    sruthi_reddy
    New Member
    January 21, 2021

    Hello lscunha, JRoberts,

     

    FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password

    Please wait...

    Connect to ftp server 10.160.96.88 ... Send config file to ftp server via vdom root failed. Command fail. Return code 5

     

     

    Received the same error. 

     

    I followed https://phoenixnap.com/kb/install-ftp-server-on-ubuntu-vsftpd to install vsftpd on Ubuntu Server.

     

    Ran a tcpdump on the server: sudo tcpdump -i any port 21 -vvvv

     

    Observed error message: 550 permission denied 

     

    I had to edit the vsftpd.conf file to change the setting write_enable=NO to write_enable=YES, and it worked.

     

    It seems to be a permission issue on the FTP server. Can you please run tcpdump on the server and post the output here?

     

    After changing settings, I was able to send the file:

     

    FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password

    Please wait...

    Connect to ftp server 10.160.96.88 ... Send config file to ftp server OK.

     

    Hope that helps.  :) 

     

     

    Thanks,

    Sruthi

    NSE7