Skip to main content
DGGmail
DGGmail
New Member
May 3, 2021
Question

[Firmware 7.0.0] - Stitch not running

  • May 3, 2021
  • 2 replies
  • 4062 views

Good morning,

  this is my first post on the forum so, hi all :)

 

I'm trying to setup a "stitch" to push the configuration to an tftp server whenever the configuration changes. The firmware my firewall is running is 7.0.0. The tftp is working fine: if i force a push via cli with the following command: 

execute backup config tftp /backup/fortigate.cfg 192.168.7.12
the file gets created/updated.

 

The "action" (security frabric -> automation) is defined as below:

    edit "PushTFTP"
        set description "Push config to TFTP"
        set action-type cli-script
        set minimum-interval 60
        set delay 10
        set script "execute backup config tftp /backup/fortigate.cfg 192.168.7.12"
        set accprofile "super_admin_readonly"
    next

 

As trigger, I'm using the default "Changelog"

 

The stich is defined as following: 

edit "Cfg2TFTP"
        set description "Send config to TFTP when changed"
        set trigger "Changelog"
        set action "PushTFTP"
next

 

If i test it with the "Test automation stitch" option (mouse right click on the stitch) I get a green flag saying the stitch has been triggered successfully and the trigger count increases but no file get uploaded/updated on the tftp server.

Can someone help me understand what I'm doing wrong and how to fix it?

Thank you

    2 replies

    DGGmail
    DGGmailAuthor
    New Member
    May 7, 2021

    Today I opened a ticket to the support: a bug has been confirmed when the

    execute backup config tftp /backup/fortigate.cfg 192.168.7.12

    is not run from a shell (AKA with a stitch or a scheduled script): the filename sent to the tftp server is modified prepending the device searial number. An example:

    if your script is

    execute backup config tftp /backup/fortigate.cfg 192.168.7.12

    the server receive a request for

    FortigateSerialNumber_/backup/fortigate.cfg

    which result in the config not being uploaded.

     

    Kangming
    Staff
    Kangming
    Staff
    May 9, 2021

    Is your environment HA? My single FGT test is good.

     

    DGGmail
    DGGmailAuthor
    New Member
    May 9, 2021

    Hello,

     

      yes, I'm running two fortigate firewall in HA (active/passive). Fortigate support confirmed a bug related to the

    execute backup config tftp

    when executed from stitch/scheduled script.

    Stitches are working fine in fact if you replace the script execution  with a mail notification, the notification is sent.

     

     

    Have a nice day

    is185
    is185
    New Member
    December 22, 2021

    Funny as I am experiencing the same but as a single FGT running 7.02. If I replace it with email it runs. stick in the the script to back up I get nothing.

    Terms & ConditionsAccessibility statement