tnaik
Staff
Article Id 193765

Description


This article describes how to configure automated backup of the FortiManager/FortiAnalyzer configuration.

For this demonstration, FileZilla is used as the FTP server.

 

Scope

 

All versions of FortiManager and FortiAnalyzer have a CLI option.

In versions 7.4.1 and above, a GUI option is available.


Solution


Automatic backup settings for FortiManager/FortiAnalyzer can be configured through the CLI and, as of version 7.4.1, through the GUI.

Maintaining an up-to-date system configuration backup is crucial for many environments.
FortiManager and FortiAnalyzer can create this backup automatically using the following settings.

The GUI method.

 

Go to Dashboard -> System Information (widget) -> System Configuration -> Backup (Icon).

 


 

 

Under Backup System -> Schedule Backup (Tab), turn on the 'Enable schedule backup' toggle. Use the appropriate settings for the environment.

 


 

To review the status of the backups, check them under Backup System -> Backup History (Tab).

 


 

The CLI method.

 

  1. Log in to the FortiManager/FortiAnalyzer CLI:

config system backup all-settings
    set status enable
    set server "10.1.1.1"       <----- FTP server IP address.
    set user "admin"            <-----  FTP server username.
    set directory "/fmg"
    set week_days monday tuesday wednesday thursday friday saturday sunday
    set time "18:47:00"
    set protocol ftp            <----- Use a question mark to see the other available protocol options.
    set passwd pass123          <----- FTP server password.

end

 

Starting from versions 7.2.5, 7.4.2, and 7.6.0, the encryption password is required. The password can be a maximum of 63 characters. FortiManager uses AES-GCM encryption for backup configurations.

config system backup all-settings
    set status {enable | disable}
    set server {<ipv4_address>|<fqdn_str>}
    set user <username>
    set directory <string>
    set week_days {monday tuesday wednesday thursday friday saturday sunday}
    set time <hh:mm:ss>
    set protocol {ftp | scp | sftp}
    set passwd <passwd>
    set crptpasswd <passwd>
end

 

Note: The character '\' is used in the FortiManager CLI as an escape character.

If the encryption password contains the \ character, either escape it (by adding another \) or enclose the password in single quotes when entering it in the CLI. For example:

 

execute backup all-settings ftp 10.0.0.1 backup/backup1.dat admin admin1234 ~jFeS.Z/i\\ilA~gnAaq=8c1n`gCabc

execute backup all-settings ftp 10.0.0.1 backup/backup1.dat admin admin1234 '~jFeS.Z/i\ilA~gnAaq=8c1n`gCabc'

 

Note: Make sure the CLI directory setting (here '/fmg') points to a directory on the FTP server only. Do not include a backup config filename such as backupconfig.dat in it. Otherwise, the auto backup fails because the backup config file is not a directory on the FTP server, and the following system event log is seen.

 

FortiManager/FortiAnalyzer system event log:

 

2022-09-08 08:25:14 log_id=0001010009 type=event subtype=system pri=notice desc="Schedule backup notification" msg="Backup all settings started"
2022-09-08 08:25:14 log_id=0001010060 type=event subtype=system pri=warning desc="Protocol failed" msg="FTP failed: Access denied to remote resource"
2022-09-08 08:25:14 log_id=0001010010 type=event subtype=system pri=warning desc="Schedule backup warning" msg="Backup all settings failed (upload failed)"

 

Use the following commands to review the current settings and backups that have been created:

 

get system backup all-settings

get system backup status

 
 


 

FTP Server event log:

 

(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> USER ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> 331 Password required for ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (10.47.47.99)> PASS ************
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 230 Logged on
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> PWD
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 257 "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD /
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 250 CWD successful. "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD backupconfig.dat
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 550 CWD failed. "/backupconfig.dat": directory not found.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> QUIT
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 221 Goodbye
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> disconnected.
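
The two logs above can be checked automatically so that a failed scheduled backup does not go unnoticed. The following is an added example, not part of the original article or of any Fortinet tool: it extracts failed scheduled backups from the FortiManager/FortiAnalyzer event log together with the protocol error, and lists the CWD targets the FTP server rejected. The function names are hypothetical, and the sample lines are copied from the logs shown in this article.

```python
import re
import shlex

# Sample lines copied from the two logs shown in this article.
FMG_LOG = """\
2022-09-08 08:25:14 log_id=0001010009 type=event subtype=system pri=notice desc="Schedule backup notification" msg="Backup all settings started"
2022-09-08 08:25:14 log_id=0001010060 type=event subtype=system pri=warning desc="Protocol failed" msg="FTP failed: Access denied to remote resource"
2022-09-08 08:25:14 log_id=0001010010 type=event subtype=system pri=warning desc="Schedule backup warning" msg="Backup all settings failed (upload failed)"
"""
FTP_LOG = """\
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD /
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 250 CWD successful. "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> CWD backupconfig.dat
(000027)9/8/2022 8:25:14 AM - ftpuser (10.47.47.99)> 550 CWD failed. "/backupconfig.dat": directory not found.
"""

def parse_event(line):
    """Turn 'date time key=value key="quoted value" ...' into a dict."""
    tokens = shlex.split(line)  # keeps quoted desc/msg values in one token
    event = {"time": " ".join(tokens[:2])}
    event.update(tok.split("=", 1) for tok in tokens[2:] if "=" in tok)
    return event

def failed_backups(log_text):
    """Return one record per failed scheduled backup with its protocol error."""
    failures, reason = [], None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ev = parse_event(line)
        desc, msg = ev.get("desc"), ev.get("msg", "")
        if desc == "Schedule backup notification":
            reason = None  # a new backup run starts
        elif desc == "Protocol failed":
            reason = msg
        elif desc == "Schedule backup warning" and "failed" in msg:
            failures.append({"time": ev["time"], "msg": msg, "reason": reason})
    return failures

def rejected_directories(ftp_text):
    """Return CWD targets that the FTP server answered with a 550 reply."""
    rejected, pending = [], None
    for line in map(str.strip, ftp_text.splitlines()):
        cwd = re.search(r"\)> CWD (\S+)$", line)
        if cwd:
            pending = cwd.group(1)
            continue
        if pending and re.search(r"\)> 550 ", line):
            rejected.append(pending)
        pending = None
    return rejected

if __name__ == "__main__":
    print(failed_backups(FMG_LOG))
    print(rejected_directories(FTP_LOG))
```

A rejected CWD target that looks like a file name, as here, points to the directory setting described in the note above.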

 

 

Make sure the FTP server is reachable from FortiManager/FortiAnalyzer with the following command:

 

exe ping x.x.x.x       <--- x.x.x.x is the FTP server IP.

 

  2. FileZilla settings:

    Create a user in FileZilla.

  3. Configured backup file location.
  

FileZilla logs.
 
 
 
Note: If there are issues related to the FTP server, contact the FTP server team.
 
FortiManager side troubleshooting.
 
Run a sniffer and then convert the file to PCAP.
 
di sniffer packet any "host <FTP_SERVER_IP> and port 21" 3 0 l
 
For example:
 
di sniffer packet any "host 10.1.1.1 and port 21" 3 0 l

Example PCAP output: