FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Demir21
Staff
Staff
Article Id 202286
Description This article describes another way on how to get the backup configuration file on FortiGate using HTTPS RestAPI calls from a Python script.
Scope FortiGate.
Solution
  1.  Create a REST API Admin in FortiGate under System -> Administrators -> Create New -> REST API Admin in order to have access to it via API.
  2. Save the API key that is generated immediately after selecting on 'Save' button as in the screenshot below:

 

Demir21_0-1640948430514.png

 

 

  1. Ensure that the API admin is set with super_admin rights, CLI must be used:

 

config system api-user
    edit "test"
        set api-key ENC blahblah
        set accprofile "super_admin"
        set vdom "root"
    next
end


  1. Create an empty file in Linux using the command: nano /home/backup.py.
  2. Add the following python script in the file and save it:

import requests:

 

api_url = 'https:/10.191.20.122/api/v2/monitor/system/config/backup?scope=global&access_token=Nbcyjfgb....'

 

requests.packages.urllib3.disable_warnings()

data = requests.get(api_url, verify=False)

with open('/home/api_configbackup.conf' ,'wb') as f:

         for line in data:

               f.write(line)

 

Where 10.191.20.122 is the IP of the FortiGate.

 

The scope is global for the global configuration of the FortiGate.

 

Access_token is the value of the token we previously generated. 

 /home/api_configbackup.conf is the place in the Linux machine where to save the backup file.

 

  1. Execute the Python script created with the command python3 /home/backup.py

 

The file api_configbackup will be created in the specified directory with the configurations of the Fortigate included.