Description | This article describes several troubleshooting methods that can be followed when experiencing SFTP configuration backup issues in FortiGate. |
Scope | FortiGate. |
Solution |
Since FortiOS v7.0.1, administrators now have the option to backup the configuration file using SFTP.
When performing a manual SFTP backup config from the FortiGate CLI or when using the same command through a CLI script in an automation stitch fail, it is recommended to check the items listed in this article.
Example error for an unsuccessful backup attempt from FortiGate CLI due to wrong credentials:
The same error will show up for connectivity issues between FortiGate and the SFTP server, and if the users has insufficient privileges.
execute telnet <IP address or domain name> <SFTP port#>
If the SFTP server cannot be reached by telnet, check the following:
get router info routing-table details <SFTP IP address>
diag sniff packet any 'host <SFTP IP address> and port <SFTP port#>' 4 0 l
After, simulate the traffic.
execute backup config sftp </directory/filename> <SFTP server>[<:SFTP port>] <username> <password>
Below is an example of CLI output for a successful attempt to create an SFTP configuration backup. The default SFTP port number is TCP port 22.
Here are two scenarios where a non-root user 'testpau6' is being utilized for the SFTP configuration backup:
Scenario A:
User 'testpau6' serves as the owner of the /home/testpau6 directory. User permission for the /home/testpau6 directory is 'rwx', so the user 'testpau6' can successfully send backup config in that particular directory.
Successful backup of fgt.conf in the /home/testpau6 directory:
Scenario B:
User 'testpau6' was added to the 'root' user group. user 'root' serves as the owner of the /backup directory and is also part of the 'root' user group. Group permission for the /backup directory is 'rwx', so the user 'testpau' can successfully send the backup config to that particular directory.
Adding user 'testpau' to the 'root' user group:
Successful backup of fgt.conf in the /backup directory:
Related articles: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.