ManishKhatri
Staff
Article Id 423576
Description This article describes the change in behavior for configuration backup in v7.4.5 and later versions.
Scope FortiGate.
Solution

In v7.4.5 or later, when a user tries to back up the full configuration from the global VDOM in a multi-VDOM scenario, the operation may fail with the following output:

FW01 (global) # execute backup config sftp /system/data/Fortigate/Config/backup.conf 192.176.23.2 username password
Please wait...
Connect to sftp server 192.176.23.2 ...
Send config file to sftp server via vdom root failed.
Command fail. Return code -1

 

This issue occurs due to a behavior change introduced in 7.4.5 and 7.6.0: any command executed in the global VDOM is always run in the management VDOM.

In the above example, the root VDOM is the management VDOM. Since the root VDOM has no reachability to the SFTP server, the FortiGate is unable to initiate the connection, causing the backup operation to fail.

Before v7.4.5, executing the same command would succeed and produce output similar to the following:

 

FortiGate01 (global) # execute backup config sftp /system/data/Fortigate/Config/backup.conf 192.176.23.2 username password
Please wait...
Connect to sftp server 192.176.23.2 ...
Send config file to sftp server OK.

 

The behavior is expected to be fixed in version 8.0.0. The following workarounds can be used until the 8.0.0 release:

  1. Download the full configuration via the GUI.
  2. Use SCP for configuration backup: Technical Tip: Backing Up the FortiGate configuration file via SCP with limited Read/Write permissio...
  3. Create an inter-VDOM link to forward configuration backup traffic from the management VDOM to any other VDOM with reachability to the SFTP server.
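
A sketch of workaround 3, added here as an example and not taken from the original article. It assumes root is the management VDOM, a second VDOM named VDOM-A reaches the SFTP server 192.176.23.2 through port2, and 10.255.255.0/30 is free for the link. The names mgmtlink, VDOM-A, port2 and the /30 addresses are assumptions; the # lines are annotations. The policy permits only SSH from the management VDOM's link address to the SFTP server, so the link does not become a general path between VDOMs.

```fortios
# Added example: link name, VDOM-A, port2 and 10.255.255.0/30 are assumptions.
config global
    config system vdom-link
        edit "mgmtlink"
        next
    end
    config system interface
        edit "mgmtlink0"
            set vdom "root"
            set ip 10.255.255.1 255.255.255.252
        next
        edit "mgmtlink1"
            set vdom "VDOM-A"
            set ip 10.255.255.2 255.255.255.252
        next
    end
end
config vdom
    edit root
        # Host route: only the SFTP server is reached over the link.
        config router static
            edit 0
                set dst 192.176.23.2 255.255.255.255
                set gateway 10.255.255.2
                set device "mgmtlink0"
            next
        end
    next
    edit VDOM-A
        config firewall address
            edit "sftp-backup-server"
                set subnet 192.176.23.2 255.255.255.255
            next
        end
        # Allow SSH/SFTP only; NAT assumes the server has no route to the /30.
        config firewall policy
            edit 0
                set name "mgmt-backup-to-sftp"
                set srcintf "mgmtlink1"
                set dstintf "port2"
                set srcaddr "all"
                set dstaddr "sftp-backup-server"
                set action accept
                set schedule "always"
                set service "SSH"
                set nat enable
                set logtraffic all
            next
        end
    next
end
```

With this in place, the backup command from the global VDOM is run in root, leaves through mgmtlink0, and is forwarded by VDOM-A to the SFTP server.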