While FortiManager keeps a record of changes made on all managed FortiGate Devices in Device Manager, sometimes FortiGate config backups need to be made in a remote server at regular intervals. To create unique backup files for each FortiGate device from FortiManager, TCL scripting is required.

To enable TCL scripting, the following FortiManager setting is required:

config system admin setting

    set show_tcl_script enable

end

The following TCL script will append a human-readable timestamp to the resulting backup file name; it can be run from Device Manager directly to all managed FortiGate devices:

#!
proc get_sys_status aname {
upvar $aname a
set input [exec "get system status\n" "# " 15]
set linelist [split $input \n]
foreach line $linelist {
if {![regexp {([^:]+):(.*)} $line dummy key value]} continue
switch -regexp -- $key {
Hostname {
set a(hostname) [string trim $value]
}}
}
}

get_sys_status status
puts -nonewline [exec "exe backup config ftp backup_$status(hostname)_[clock format [clock seconds] -format %H%M%S]_[clock format [clock seconds] -format %d.%m.%y].conf <FTP server IP> ftpuser <password>\n" "#" 30]

Make sure the script type is set to TCL:

Once the script is run from FortiManager, FortiGate will perform a config backup and upload the file to a remote FTP server with unique file names: