Description
This article describes an issue seen in a Security Fabric when an Automation Stitch is used to back up the configuration over FTP/TFTP/SFTP: the backups written by the individual Fabric members do not have unique filenames, so each unit overwrites the file that another unit has just uploaded to the server.
Scope
FortiOS.
Solution
Configuration:
config system automation-action
    edit "backup"
        set action-type cli-script
        set script "execute backup config ftp %%date%%.conf 192.168.1.28 fortinet fortinet"
        set execute-security-fabric enable
        set accprofile "super_admin"
    next
end
config system automation-trigger
    edit "min22"
        set trigger-type scheduled
        set trigger-frequency hourly
        set trigger-minute 35
    next
end
config system automation-stitch
    edit "backup"
        set trigger "min22"
        config actions
            edit 1
                set action "backup"
                set required enable
            next
        end
    next
end
When this stitch runs, every Fabric member expands %%date%% to the same value, so all of them generate the identical filename in the format YYYY-MM-DD.conf and each appliance overwrites the file on the FTP server. The autod debug output below shows the root and a downstream member both executing the command with the same filename, 2024-12-16.conf, within a second of each other.
Example Fabric Root:
2024-12-16 15:22:08 0: set script "execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet"
2024-12-16 15:22:08 0: end
2024-12-16 15:22:08 __action_cli_script_open()-186: cli script action:backup is called. svc ctx:0x114599e0
accprof:super_admin script:
execute backup config ftp %%date%%.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:22:09 [show_walker_construct:84] open('/tmp/system.conf.3136.gS0tYi) to save config of 'global'
2024-12-16 15:22:09 0: execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:22:10 __cli_script_close()-121: cli script:
autod.0
output:
########## script name: autod.0 ##########
========== #1, 2024-12-16 15:22:08 ==========
delorean-kvm36 $ execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet
Connect to ftp server 192.168.1.28 ...
Please wait...
Send config file to ftp server OK.
Example Fabric downstream member:
2024-12-16 15:22:07 0: set script "execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet"
2024-12-16 15:22:07 0: set output-size 0
2024-12-16 15:22:07 0: end
2024-12-16 15:22:07 __action_cli_script_open()-186: cli script action:backup is called. svc ctx:0x10221e00
accprof: script:
execute backup config ftp %%date%%.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:22:07 pid:2055-__handle_msg()-414: Subscriber:4 received package. pubid:1 pkgid:3304 pkg_index:127
2024-12-16 15:22:07 pid:2055-__handle_pkg_logs()-356: Subscriber:4 processing package size:3562 logs:3 pickup:1
2024-12-16 15:22:07 pid:2055-__subscr_close_cur_pkg()-140: close package size:3562 logs:3
2024-12-16 15:22:08 [show_walker_construct:84] open('/tmp/system.conf.20689.3ZpyhA) to save config of 'global'
2024-12-16 15:22:08 0: execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:22:08 __cli_script_close()-121: cli script:
autod.0
output:
########## script name: autod.0 ##########
========== #1, 2024-12-16 15:22:07 ==========
jaguar-kvm13 $ execute backup config ftp 2024-12-16.conf 192.168.1.28 fortinet fortinet
Connect to ftp server 192.168.1.28 ...
Please wait...
Send config file to ftp server OK.
To overcome this issue, include a variable that makes the filename unique per device, such as the hostname (%%devname%%), in the script. Two caveats apply to this setup: %%date%% resolves to the day only, so with the hourly trigger above each device still overwrites its own file on every run within the same day (add a time component if those runs must be retained, and check which automation variables the FortiOS release in use supports). Also, the script stores the server credentials in the action and FTP/TFTP transmit the credentials and the full configuration (which itself contains secrets) in clear text, so prefer SFTP, which the Description lists among the supported transports, where the server allows it.
config system automation-action
    edit "backup"
        set action-type cli-script
        set script "execute backup config ftp %%devname%%-%%date%%.conf 192.168.1.28 fortinet fortinet"
        set execute-security-fabric enable
        set accprofile "super_admin"
    next
end
With this configuration, the filename is built from both the hostname and the date, so each Fabric member writes its own file:
Example Fabric Root:
2024-12-16 15:35:08 0: set script "execute backup config ftp delorean-kvm36-2024-12-16.conf 192.168.1.28 fortinet fortinet"
2024-12-16 15:35:08 0: end
2024-12-16 15:35:08 __action_cli_script_open()-186: cli script action:backup is called. svc ctx:0x1159a260
accprof:super_admin script:
execute backup config ftp %%devname%%-%%date%%.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:35:09 0: execute backup config ftp delorean-kvm36-2024-12-16.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:35:09 pid:2070-__handle_msg()-414: Subscriber:4 received package. pubid:1 pkgid:133 pkg_index:126
2024-12-16 15:35:09 pid:2070-__handle_pkg_logs()-356: Subscriber:4 processing package size:939 logs:2 pickup:2
2024-12-16 15:35:09 pid:2070-__subscr_close_cur_pkg()-140: close package size:939 logs:2
2024-12-16 15:35:10 __cli_script_close()-121: cli script:
autod.6
output:
########## script name: autod.6 ##########
========== #1, 2024-12-16 15:35:08 ==========
delorean-kvm36 $ execute backup config ftp delorean-kvm36-2024-12-16.conf 192.168.1.28 fortinet fortinet
Connect to ftp server 192.168.1.28 ...
Please wait...
Send config file to ftp server OK.
Example Fabric downstream member:
2024-12-16 15:35:07 0: set script "execute backup config ftp jaguar-kvm13-2024-12-16.conf 192.168.1.28 fortinet fortinet"
2024-12-16 15:35:07 0: set output-size 0
2024-12-16 15:35:07 0: end
2024-12-16 15:35:07 __action_cli_script_open()-186: cli script action:backup is called. svc ctx:0x101efe90
accprof: script:
execute backup config ftp %%devname%%-%%date%%.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:35:07 pid:2055-__handle_msg()-414: Subscriber:4 received package. pubid:1 pkgid:3325 pkg_index:127
2024-12-16 15:35:07 pid:2055-__handle_pkg_logs()-356: Subscriber:4 processing package size:1172 logs:1 pickup:1
2024-12-16 15:35:07 pid:2055-__subscr_close_cur_pkg()-140: close package size:1172 logs:1
2024-12-16 15:35:08 0: execute backup config ftp jaguar-kvm13-2024-12-16.conf 192.168.1.28 fortinet fortinet
2024-12-16 15:35:08 __cli_script_close()-121: cli script:
autod.6
output:
########## script name: autod.6 ##########
========== #1, 2024-12-16 15:35:07 ==========
jaguar-kvm13 $ execute backup config ftp jaguar-kvm13-2024-12-16.conf 192.168.1.28 fortinet fortinet
Connect to ftp server 192.168.1.28 ...
Please wait...
Send config file to ftp server OK.
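The following is an added example, not FortiOS code or part of the original article. It mimics the %%devname%% and %%date%% substitution visible in the autod debug output above (date rendered as YYYY-MM-DD) and checks, for a given set of Fabric member hostnames and a set of scheduled run times, which members would upload the same filename. The hostnames and run times are constructed sample data taken from the debug output; other FortiOS variables are not modelled.

```python
"""Collision check for automation-stitch backup filename templates.

Added example, not FortiOS code. expand_template() mirrors the substitution
the autod debug output shows for %%devname%% and %%date%%; no other
FortiOS automation variables are modelled here.
"""
from collections import defaultdict
from datetime import datetime


def expand_template(template: str, devname: str, when: datetime) -> str:
    """Expand %%devname%% and %%date%% the way the debug output shows."""
    return (template
            .replace("%%devname%%", devname)
            .replace("%%date%%", when.strftime("%Y-%m-%d")))


def find_collisions(template: str, devnames, run_times):
    """Return {filename: [(devname, 'YYYY-MM-DD HH:MM'), ...]} for every
    filename that more than one (device, run) pair would upload, i.e. every
    file that gets overwritten on the server."""
    writers = defaultdict(list)
    for when in run_times:
        for dev in devnames:
            name = expand_template(template, dev, when)
            writers[name].append((dev, when.strftime("%Y-%m-%d %H:%M")))
    return {name: w for name, w in writers.items() if len(w) > 1}


# Constructed sample: the two Fabric members seen in the debug output and
# two consecutive runs of the hourly trigger (minute 35) on the same day.
MEMBERS = ["delorean-kvm36", "jaguar-kvm13"]
RUNS = [datetime(2024, 12, 16, 15, 35), datetime(2024, 12, 16, 16, 35)]

if __name__ == "__main__":
    for tmpl in ("%%date%%.conf", "%%devname%%-%%date%%.conf"):
        print(tmpl)
        for name, who in find_collisions(tmpl, MEMBERS, RUNS).items():
            print("  overwritten:", name, "by", who)
```

With %%date%%.conf alone, both members collide on 2024-12-16.conf in every run. With %%devname%%-%%date%%.conf the two members no longer collide with each other, but the checker still reports each member's file as overwritten by its own second run of the day, which is the day-granularity caveat noted above.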