FortiGate
ManpreetSingh
Article Id 280919
Description This article explains how to take a scheduled configuration backup of a FortiGate using the BackBox tool.
Scope FortiGate.
Solution

BackBox is a network automation and security orchestration platform that helps organizations automate network device backup, configuration management, and security compliance tasks, enhancing network reliability and security.

Refer to:

https://www.fortinet.com/content/dam/fortinet/assets/alliances/2019/sb-fortinet-alliances-backbox.pd...

 

Follow the steps below to set up FortiGate integration on Backbox. 

 

On FortiGate: 

 

  1. Enable SCP.

From CLI:

config system global
    set admin-scp enable
end

 

  2. Enable SSH access on the interface.
  • SCP uses the SSH protocol to provide secure file transfer, so the interface used for administration must allow SSH access.

From GUI:

  • Go to System -> Network -> Interface.
  • Select the Edit icon for the interface used for administrative access.
  • In the Administrative Access section, select the SSH check box.
  • Select 'OK'.

 

From CLI:

Allow SSH access on the interface from which BackBox is reachable.

config system interface
    edit <interface name>
        append allowaccess ssh
end

 

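  3. Create an admin account for BackBox. Administrator accounts that can log in over SSH are defined under config system admin (config user local only defines firewall authentication users). Use a dedicated account name rather than the built-in admin. test1234 is an example value; set a strong, unique password, assign the access profile the backup requires, and consider restricting the account to the BackBox address with trusted hosts.

config system admin
    edit <admin name>
        set accprofile <profile name>
        set password test1234
    next
end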

 

On Backbox Device:

 

  • Go to the BackBox dashboard and navigate to Devices -> All devices -> Add device.
  • Provide a name for the FortiGate.
  • Provide the IP address of the FortiGate.
  • If a device group and agent are configured, select them, then select 'Next'.
 

[Screenshot: Step 1]

 

  • On the second page, select Fortinet as the vendor and FortiGate as the product (for the version, use v4.X and above).
  • Select the desired backup type. The backup is taken over the SCP protocol.

 

[Screenshot: Step 2]

 

  • Leave the authentication type as custom.
  • Add the user credentials created on the FortiGate.
  • Leave the port as 22.

 

[Screenshot: Step 3]

 

  • To allow access from BackBox to the FortiGate, select enable access, then select the number of backups to retain.
  • Finally, select the add and run backup option; the FortiGate config backup will then be visible.

 

[Screenshot: Step 4]

 

Under Jobs, create a job for the scheduled backup.

 

[Screenshot: Jobs]
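
The procedure above enables SCP, opens SSH on an interface and creates an admin account, so a backup can be checked for exactly that exposure. The following is an added example, not part of the original article and not BackBox or Fortinet code: it parses a constructed sample in FortiGate backup syntax and reports the SCP setting, the interfaces that allow SSH, and the admin accounts with no trusthost entries. The names parse and audit are hypothetical, and a missing admin-scp line is assumed to mean the default (disable).

```python
# Constructed sample in FortiGate backup syntax; not taken from a real device.
SAMPLE = """
config system global
    set admin-scp enable
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https
    next
end
config system admin
    edit "backbox"
        set accprofile "super_admin"
    next
    edit "admin"
        set trusthost1 10.0.0.5 255.255.255.255
    next
end
"""

def parse(text):
    """Map each top-level table to {entry: {setting: [values]}}; nested tables are skipped."""
    tree, depth, table, entry = {}, 0, {}, ""
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table, entry = tree.setdefault(" ".join(tok[1:]), {}), ""
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] in ("edit", "next"):
            entry = " ".join(tok[1:])  # "next" carries no name, so entry resets to ""
        elif depth == 1 and tok[0] == "set" and len(tok) > 2:
            table.setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def audit(cfg):
    """Report SCP state (absent is read as disable), SSH interfaces, admins without trusted hosts."""
    scp = cfg.get("system global", {}).get("", {}).get("admin-scp", ["disable"])[0]
    ssh = [n for n, s in cfg.get("system interface", {}).items() if "ssh" in s.get("allowaccess", [])]
    open_admins = [n for n, s in cfg.get("system admin", {}).items()
                   if not any(k.startswith("trusthost") for k in s)]
    return {"admin_scp": scp, "ssh_interfaces": ssh, "unrestricted_admins": open_admins}
```

Calling audit(parse(SAMPLE)) on the sample flags wan1 and the backbox account; on a real backup, pass the file contents to parse in place of SAMPLE.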

Comments
hpenmetsa
Staff

Very helpful