Technical Tip: How to backup/restore FortiAuthenticator config over FTP/TFTP

kiri · ‎02-17-2023

Description

This article describes how the config can be backed up/restored from CLI over FTP/TFTP in case access to the GUI is not possible.

Scope

FortiAuthenticator 6.x.

Solution

An FTP/TFTP server that has the config backup is necessary, and it is reachable to the FortiAuthenticator.

From the CLI, use this syntax to restore the config:

execute restore config tftp <filepath> <server fqdn:ipaddr> [password <encryption password>]

execute restore config ftp <filepath> <server fdqn:ipaddr>[:port] [ftp_user] [ftp_pass] [password <encryption password>]

Example:

execute restore config tftp FACVMKVM-v6.5.0-build1286_170223-1605.conf 10.5.23.153

From the CLI, use this syntax to back up the config:

execute backup full-config tftp <filename> <server fqdn|ipaddr> [password <encryption password>]

execute backup full-config ftp <path> <server fqdn|ipaddr>[:port] [ftp_user] [ftp_password] [password <encryption password>]

Note:

The configuration is valid only for a specific hypervisor and a specific firmware version. If these differ on the device being restored to, the restore operation will fail.

Fortinet support can convert the hypervisor version (when restoring to another hypervisor, such as from VMWare to KVM), but the firmware version is required to match.

If no error is displayed, the config will be restored, and FortiAuthenticator will restart.

Technical Tip: How to backup/restore FortiAuthenticator config over FTP/TFTP

You are leaving our website