Troubleshooting Tip: Unable to backup FortiGate config to external FTP server: 'Send config file to ftp server via vdom root failed. Command fail. Return code 12'

Nivedha · ‎05-26-2024

Description

This article discusses an issue when the backup of the firewall config to the FTP server does not work.

Scope

FortiGate.

Solution

To backup config to the FTP server, use this link:

Technical Tip: Backup of configuration file from CLI using FTP

The issue will be based on this setup:

FortiGate 10.14.2.159 ---- FTP server 10.14.2.116

To backup the config to FTP we run the following command:

execute backup config ftp <filename> <ftp server>[:ftp port] <username> <password>

Follow this KB article is the error code is 12, If the error code is 5:

Troubleshooting Tip: Unable to backup FortiGate config to external FTP server - Send config file to ...

Error: 'Send config file to ftp server via vdom root failed. Command fail. Return code 12'

12 FTP_INPUT_ERR Error reading INPUT or STDIN.

Generally, error 12 occurs when the destination folder is not available. Do a packet capture on FortiGate:

diag sniffer packet any 'host <FTP server>' 6 0 l

Follow:

Technical Tip: How to import 'diagnose sniffer packet' data to WireShark to convert the sniffer output to PCAP.

From GUI:

Go to Network -> Packet capture (upto 7.0.x models) or Network -> Diagnostics (v7.2.x and above). Put a filter for the FTP server IP as the host

Packet capture will show that the directory is not correct:

Packet capture.PNG
Visit the FTP server and check the correct file directory to use.

Note:

It is also possible to use Filezilla to list the directory that allows access.