Purpose
The purpose of this article is to explain how to backup the FortiGate Configuration with Kiwi CatTools, starting with FortiOS 4.0 MR3 Patch11 (4.2.11) and FortiOS 4.0 MR3 Patch4 (4.3.4).
Scope
Starting from FortiOS 4.0 MR2 Patch11 (4.2.11) and FortiOS 4.0 MR3 Patch4 (4.3.4), Kiwi CatTools is not able to parse the configuration fetched from the FortiGate.
The error "Failed to receive '#config' line in device config file" is returned.
This is because Kiwi CatTools relies on "show" and "show full-configuration" commands to backup the configuration, which is not the method recommended by Fortinet.
With older firmware releases, typing "show" in the CLI will return the first 3 or 4 (depending on the firmware version) "header lines", of which the first starts with #config-version ...
Fortinet recommends to use the "exec backup" CLI command to perform backups.
Diagram
Expectations, Requirements
Configuration
According to the Kiwi documentation, it is recommended to backup configuration files by using the "Device.Backup.Running_config" activity. However, this command uses a "show" or a "show full-configuration" command on the FortiGate, which does not work as expected on the FortiGate, starting from FortiOS 4.2.11 and FortiOS 4.3.4.
The solution is to use the "Device.Backup.TFTP" activity. The full documentation of this activity is available at the following URL:
http://www.kiwisyslog.com/help/cattools/index.html?act_devbackupftp.htm
Basically, it will
1) Connect to the FortiGate, using telnet or ssh
2) Execute "exec backup tftp ....." on the FortiGate
The 'File to write to TFTP server' field must be configured in the activity Options tab; for example "config" or alternatively "full-config".