Topology:

 In this example:

• The PC is directly connected to the management port of the FortiSwitch.
• The PC is running an FTP/TFTP application.
• The PC has an IP of 192.168.1.100/24.
• The FortiSwitch management interface has an IP of 192.168.1.99/24 (in this example, the IP is set on a secondary).

config system interface
    edit "mgmt"
        set mode dhcp
        set allowaccess ping https ssh snmp
        set type physical
        set secondary-IP enable
        set defaultgw enable
            config secondaryip
                edit 1
                    set ip 192.168.1.99 255.255.255.0
                    set allowaccess ping https ssh
                next
            end
        next
    end

Note:

• Sometimes, the Windows firewall or antivirus may block FTP/TFTP traffic. Disable the firewall feature on the PC if needed.
• Verify if able to ping ip of the PC from FortiSwitch and vice versa.

From FortiSwitch:

S648FFTXXXXXXXX # execute ping 192.168.1.100

From PC:

TestPC> ping 192.168.1.99

Download FortiSwitch Configuration to an FTP Server.

Note:

The FortiSwitch does not reboot during this process.

S648FFTXXXXXXXX # execute backup config ftp <Filename/FTP-path>  <ftp server>[:ftp port]  <FTP-username> <FTP-password> <passwd>

<Filename/FTP-path>  <----- <string> Define a file name/path on the FTP server.

<ftp server>[:ftp port] <----- Specify the FTP server (IPv4, IPv6, or FQDN). (if changed default ftp port then specify in the command).

<FTP-username> <-----  FTP username (based on FTP server configuration).

<FTP-password>  <-----  FTP password (based on FTP server configuration).

<passwd> <-----  (Optional) password to protect the backup content.

Example:

S648FFTXXXXXXXX # execute backup config ftp test.conf 192.168.1.100 admin admin123 test123

Connect to ftp server 192.168.1.100 ...
Please wait...
Send config file to ftp server OK.
Setting timestamp

The above command demonstrates that the backup configuration is saved to the FTP server (PC 192.168.1.100) with the configuration file named 'test. conf'. 'admin' and 'admin123' are the FTP username and password, respectively.

The password 'test123' is used to encrypt the content, which is optional and can be skipped. If the <passwd> (test123) is not used, the configuration file will be in a clear, readable format.

Note:

If the <passwd> is used in the command, ensure to keep a record of the password, as it will be required when restoring the configuration on the FortiSwitch.

Upload Configuration from FTP Server to FortiSwitch.

Note:

The FortiSwitch will reboot during this process.

S648FFTXXXXXXXX #  execute restore config ftp test.conf 192.168.1.100 admin admin123 test123

Here is the command to get the config from the TFTP server using restore.

S648FFTXXXXXXXX # execute restore config ftp test.conf 192.168.1.100 admin admin123 test123

This operation will overwrite the current settings!
Do you want to continue? (y/n)y        <----- Type Y  and the FortiSwitchwill reboot.

Please wait...

Connect to ftp server 192.168.1.100 ...
Get config file from ftp server OK.
File check OK.

Note:

If the configuration file was encrypted using the password during the process mentioned in 'Download the FortiSwitch config to an FTP server', and if the password is either not provided or incorrect during the restoration process, the FortiSwitch will fail to restore the configuration. Below is the error that might be noticed when failed:

S648FFTXXXXXXXX # execute restore config ftp test.conf 192.168.1.100 admin admin123
This operation will overwrite the current settings!
Do you want to continue? (y/n)y

Please wait...

Connect to ftp server 192.168.1.100 ...
Get config file from ftp server OK.
Invalid config file
Command fail. Return code -39

Download FortiSwitch Configuration to a TFTP Server.

Note:

The FortiSwitch does not reboot during this process.

S648FFTXXXXXXXX # execute backup config tftp <Filename/TFTP-path>  <tftp server>  <passwd>

<Filename/TFTP-path>  <-----  <string> Make a file name(path) on the FTP server.

<tftp server> <----- FTP server IPv4, IPv6, or FQDN can be attached with port.

<passwd> <-----  (Optional) password to protect the backup content.

S648FFTXXXXXXXX # execute backup config tftp testtftp.conf 192.168.1.100 test123
Connect to tftp server 192.168.1.100 ...
Please wait...
#
Send config file to tftp server OK.
Setting timestamp 

The above command shows that the backup configuration is saved to the TFTP server (PC 192.168.1.100) using TFTP, with the configuration file named 'testtftp.conf'. The password 'test123' is used to encrypt the configuration content.

Note:

If the <passwd> is used in the command, ensure to keep a record of the password, as it will be required when restoring the configuration on the FortiSwitch.

Upload Configuration from TFTP Server to FortiSwitch.

Note:

The FortiSwitch will reboot during this process.

S648FFTXXXXXXXX # execute restore config tftp test.conf 192.168.1.100 test123
This operation will overwrite the current settings!
Do you want to continue? (y/n)y   <========================= type Y  and the FortiSwitch will reboot.

Please wait...

Connect to tftp server 192.168.1.100 ...

Get config file from tftp server OK.
File check OK.

Note:

If the configuration file was encrypted using the password during the process mentioned in 'Download the FortiSwitch config to an TFTP server', and if the password is either not provided or incorrect during the restoration process, the FortiSwitch will fail to restore the configuration. Below is the error that might noticed:

S648FFTXXXXXXXX # execute restore config tftp test.conf 192.168.1.100
This operation will overwrite the current settings!
Do you want to continue? (y/n)y

Please wait...

Connect to tftp server 192.168.1.100 ...

Get config file from tftp server OK.
Invalid config file
Command fail. Return code -39

To verify the config was restored run the following command:

S648FFTXXXXXXXX # execute revision list config

ID            TIME              ADMIN  FIRMWARE VERSION          COMMENT

24 2024-10-22 00:04:54 admin V7.6.0-build1015-REL0 Automatic backup (config restored)

The same command can be applied for remote TFTP/FTP servers, provided that:

• There is network reachability between the FortiSwitch and the FTP/TFTP server.
• FTP/TFTP ports are not blocked in the path between the server and the FortiSwitch.