Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Fortizaid
Staff
Staff

Created on ‎04-17-2024 10:12 AM

Article Id 310231

Technical Tip: Configuring an automated script for daily FortiGate configuration backups

Description This article describes how to use the automated scripting feature on the Fortigate in order to backup full configurations daily without using automation stitches. The configuration will be sent to an FTP server and saved in a .txt file. 
Scope FortiGate.
Solution

On the FortiOS, there is an auto script feature that can run a executable command to backup a full configuration to an FTP server. This script can be run infinitely or for a limited number of times depending on the user's requirements. For this article's purposes, the script will be running once every 24 hour period. 

 

Refer to the CLI reference.

 

config system auto-script

edit "backupftp" (name of the auto-script)

set interval {integer} Repeat interval in seconds. range[0-       31557600]

set repeat {integer} Number of times to repeat this script (0 = infinite). range[0-65535]

set start {manual | auto} Script starting mode.

manual Starting manually.

auto Starting automatically.

set script "execute backup config ftp <backup_filename> <ftp_server> [<port>] [<user_name>] [<password>]" <----List of FortiOS CLI commands to repeat. size[255]

set output-size {integer} Number of megabytes to limit script output to (10 - 1024, default = 10). range[10-1024]

next

end

 

Refer to the following example of a daily backup configuration to a third party FTP server:

 

show full-configuration

config system auto-script

edit "FTP"

set interval 86400

set repeat 0

set start auto

set script "execute backup full-config ftp backp.txt 10.0.1.10 anonymous 123456789"

set output-size 10

next

end

 

In this example:

  • 10.0.1.10 is the IP address of the FTP server.
  • 'anonymous' is the username to connect to the FTP server.
  • 123456789 is the password of the user connecting to the FTP server.
  • 'backup.txt' is the file name that will be saved on the FTP server.
  • The FTP server used in this example is hosted by a third party application called 3C Daemon. Ensure that there is an FTP folder where the .txt file would be saved prior to running the script.

 

To test and validate the script, run the string used in the auto-script configuration:

 

execute backup full-config ftp backp.txt 10.0.1.10 anonymous 123456789

Please wait...

 

Connect to ftp server 10.0.1.10 ...

Send config file to ftp server OK.

 

Note: A 'Send config file to ftp server OK' message should be generated if the connectivity to the FTP server is functional and the script string command is correct. The script will run infinitely every 24 hours and save a backup configuration file to the FTP folder. The parameters for this script can be changed in accordance with the user’s FTP requirements.
Labels:
454
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.