Description
This article describes how to configure automated backup of the FortiManager/FortiAnalyzer configuration.
For this demonstration FileZilla will be used as FTP server.
All versions of FortiManager and FortiAnalyzer have a CLI option.
In versions 7.4.1 and above, a GUI option is available.
Solution
FortiManager/FortiAnalyzer Automatic backup settings can be configured through both the CLI and from GUI as of version 7.4.1.
Maintaining up-to-date system configuration backup is crucial for many environments.
FortiManager and FortiAnalyzer have an option to create this backup automatically using the following settings.
The GUI method.
Go to Dashboard -> System Information (widget) -> System Configuration -> Backup (Icon).
Under Backup System -> Schedule Backup (Tab) toggle the Enable schedule backup. Use the appropriate settings for the environment.
To review the status of the backups, check them under Backup System -> Backup History (Tab).
The CLI method.
config system backup all-settings
set status enable
set server "10.1.1.1" <----- FTP server IP address.
set user "admin" <----- FTP server username.
set directory "/fmg"
set week_days monday tuesday wednesday thursday friday saturday sunday
set time "18:47:00"
set protocol ftp <----- Use question mark to see another available protocol option.
set passwd pass123 <----- FTP server password.
end
Note: Make sure the CLI directory '/fmg' is set as an FTP directory only. Do not set it with any backup config filename such as backupconfig.dat. Otherwise, the following system event log will be seen when the auto backup failed because the backup config file is not a directory in the FTP server:
FortiManager/FortiAnalyzer system event log:
2022-09-08 08:25:14 log_id=0001010009 type=event subtype=system pri=notice desc="Schedule backup notification" msg="Backup all settings started"
2022-09-08 08:25:14 log_id=0001010060 type=event subtype=system pri=warning desc="Protocol failed" msg="FTP failed: Access denied to remote resource"
2022-09-08 08:25:14 log_id=0001010010 type=event subtype=system pri=warning desc="Schedule backup warning" msg="Backup all settings failed (upload failed)"
Use the following commands to review the current settings and backups that have been created;
get system backup all-settings
get system backup status
FTP Server event log:
(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> USER ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> 331 Password required for ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> PASS ************
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 230 Logged on
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> PWD
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 257 "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD /
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 250 CWD successful. "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD backupconfig.dat
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 550 CWD failed. "/backupconfig.dat": directory not found.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> QUIT
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 221 Goodbye
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> disconnected.
Make sure the FTP server is reachable from FortiManager/FortiAnalyzer with the following command:
exe ping x.x.x.x <- x.x.x.x is the FTP server IP.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.