| Description | This article describes one of the more common issues when transferring a FortiManager config backup to a remote SFTP server, and offers a workaround. |
| Scope | FortiManager. |
| Solution |
In this scenario, the user has created an SFTP server to initiate an SFTP transfer from FortiManager as per this article: How to Create SFTP User without Shell Access on CentOS/RHEL 8.
The SFTP user created this way should only have access to the chrooted home directory (/var/sftp) and the directory 'files' (/var/sftp/files) via SFTP.
If the SFTP user only has permission for a specific folder (e.g /home/sftpuser/fmgbackup), then the user has to specify the complete directory path when setting up the path.
For example:
execute backup all-settings sftp 10.47.4.149 /home/sftpuser/fmgbackup sftpuser password
An error will occur when specifying only the 'files' directory in the 'exe backup...' command as the destination for the FortiManager backup transfer:
Running 'diagnose debug app curl -1' while the transfer is initiated will show that authentication was successful, but the upload operation failed.
To resolve this, specify the filename of the backup to be uploaded to the SFTP server:
execute backup all-settings sftp <SFTP server IP> /<directory>/<filename> <SFTP user> <password>
The upload will be successful, as can be seen in the debug output. CLI configuration can be like:
config system backup all-settings
Related article: Technical Tip: How to configure Email Notifications for backup SFTP connections failure |
