FortiGate
ssaykal
Staff
Article Id 225133
Description

This article describes how to get a backup config file on FortiGate by using a Python script from non-mgmt VDOM.

Scope

FortiGate v7.0.x.

Solution
  1. Create an Admin Profile for REST API Admin in FortiGate under System -> Admin Profiles -> Create New.
  2. Select permissions for the REST API Admin profile. Admin read/write access is required.

 


 

  3. Create a REST API Admin in FortiGate under System -> Administrators -> Create New -> REST API Admin to provide access rights for API requests.

 


 

  4. Enter a Username and select Administrator Profile and Virtual Domains.

 


 

  5. Save the API key that is generated immediately after selecting the 'Save' button.

 

The steps so far configure a generic API user with read/write rights. To make a backup of the FortiGate unit via the API, however, the API admin must be set with super_admin rights, and the CLI has to be used for this:

 

config system api-user
    edit "API_user"
        set api-key ENC blahblah
        set accprofile "super_admin"
        set vdom "root"
    next
end

 

  6. Create a new Python file.
  7. Add the following Python script to that file and save it.

 

NOTE:

Do not forget to modify the IP address, token, and file directory.

 

import requests


def Api():
    main_url = "https://10.109.17.34/"   # Edit IP address

    client = requests.session()
    client.verify = False   # TLS certificate verification is disabled for this session

    token = "aaaabbbcccc…."   # Edit token (API key saved in step 5)

    # Backup request scoped to the VDOM named TEST
    url_new = (main_url + "api/v2/monitor/system/config/backup?scope=vdom&vdom=TEST&access_token=" + token)
    resp = client.get(url_new)

    # please edit file directory
    with open(r'C:\Users\Desktop\config-file.txt', 'w') as file:
        file.write(resp.text)


Api()

 

Parameters used in the script:

    Main_url = IP address of the FortiGate
    Scope = Vdom
    Vdom = VDOM name (the VDOM to which the PC is connected and from which it sends the request)
    Token = Token that is generated in step 5

 

Execute the Python script. It creates a file named 'config-file.txt' in the specified directory, containing the configuration of the FortiGate.
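
A hardened variant of the backup request, added here as an example (not the article's or Fortinet's own script): it sends the API key in an Authorization: Bearer header instead of the URL, verifies the FortiGate certificate against a CA file, and refuses to save a reply that is not a configuration file. It uses the Python standard library instead of requests; the environment variable names and the "#config-version=" check are assumptions.

```python
import os
import ssl
import urllib.parse
import urllib.request

BACKUP_PATH = "api/v2/monitor/system/config/backup"  # endpoint used in the article


def build_backup_request(host, vdom, token):
    """Build the GET request with the API key in a header, not in the URL."""
    query = urllib.parse.urlencode({"scope": "vdom", "vdom": vdom})
    url = f"https://{host}/{BACKUP_PATH}?{query}"
    # A key in the query string ends up in proxy logs and shell history.
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def save_backup(body, path):
    """Write the backup with owner-only permissions; reject non-config bodies."""
    # Assumption: a FortiGate config file starts with "#config-version=".
    # An error reply (JSON) does not, and must not be stored as a backup.
    if not body.startswith(b"#config-version="):
        raise ValueError("response is not a FortiGate configuration file")
    # 0o600 applies when the file is created; an existing file keeps its mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return len(body)


def fetch_backup(host, vdom, token, ca_file, path):
    """Download the VDOM backup over verified TLS and store it."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CA that signed the FortiGate cert
    req = build_backup_request(host, vdom, token)
    # HTTP error statuses raise urllib.error.HTTPError before anything is written.
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return save_backup(resp.read(), path)


if __name__ == "__main__":
    # Hypothetical environment variable names; the key never appears in the script.
    fetch_backup(os.environ["FGT_HOST"], os.environ["FGT_VDOM"],
                 os.environ["FGT_API_KEY"], os.environ["FGT_CA_FILE"],
                 "config-file.txt")
```

The backup file contains the full VDOM configuration, so the owner-only file mode matters as much as keeping the API key out of the URL.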