Fern-X
New Member
August 16, 2023
Question

Remote (TFTP) Full Configuration backups from Reserved HA Management interfaces

  • August 16, 2023
  • 2 replies
  • 2430 views

Hello!

Seemingly, 'Reserved HA Management' interfaces (config ha-mgmt-interfaces) are meant for incoming administrative connections; however, Fortinet makes an exception with 'ha-direct' for some outgoing connections.

Is it possible to use these interfaces for remote (esp. TFTP) backups using "execute backup full-config tftp ..."?

R's, Fern.

2 replies

pjawalekar
Staff
August 16, 2023

Hi fern-X,

When HA-direct is enabled, FortiGate uses the HA management interface to send log messages to FortiAnalyzer and remote syslog servers, send SNMP traps, access remote authentication servers (for example, RADIUS, LDAP), and connect to FortiManager, FortiSandbox, or FortiCloud.

For TFTP backups, the traffic will not be pushed from the HA management interface, but the firewall will use its routing table to forward the traffic.

Regards,

Pratik

Fern-X
New Member
August 16, 2023

Hi Pratik,

Thank you; however, your reply is already well covered by Fortinet documentation. My question was: "Is it possible to use these interfaces for remote (esp. TFTP) backups using "execute backup full-config tftp ..."?" Is the answer Yes or No? If No, can you suggest an alternative method?

R's, Fern

pjawalekar
Staff
August 16, 2023

Hi Fern-X,

In the case of the HA management interface, FortiGate creates a hidden VDOM named vsys_hamgmt in the background.
Can you please try to run the configuration backup command from it? Sharing one KB regarding the hidden VDOM named vsys_hamgmt:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-Reserved-Management-Interface-s-hidden-VDOM/ta-p/214783

exe enter vsys_hamgmt
execute backup full-config tftp ----

Regards,

Pratik

leathaleonel
New Member
August 16, 2023

Hey! To solve the Fortinet exception you must know about the exception handling.