Fortinet Community

zmk · ‎01-25-2022

Hello,

i would to to implement automated fortigates backups.

I have to use two solutions. FTP and SCP. But i have issue with FTP

I used comnad:

execute backup full-config ftp name.config ip user passwd

At my main router where i have a VM with FTP in the same subnet. (Source:10.1.1.2)

But in other locations connected by ipsec i have a problems (10.1.12.0). Connection between 10.1.12.0 <-> 10.1.1.234 its working. But only if i chose my internal interface. From global cli doesnt work. I dont use a vdoms at this FG.

My interface configuration:

After Executed backup from CLI i got that:

I run PCAP and i could see a source WAN address. How can i change it to address from WAN to internal interface 10.1.12.253 ?

Thanks for any help

Julien87 · ‎01-26-2022

Hi Zmk,

I don't think there is the output interface setting.
However, you can use a local lan address as a Virtual IP address (example 10.1.12.250 if free) to the backup FTP server address.

The virtual IP would be : external IP 10.1.12.250 map to 10.1.1.234 for the port 21 (ftp)

So the for backup command would be: execute backup full-configuration ftp fg.conf 10.1.12.250 fg test123

i have try this configuration in lab , it's ok for me after this change.

Best regards

Julien

zmk · ‎01-26-2022

Julien, thanks for your repley

I tried that, and any results:

Trafic destination was changed from IPSEC tunnel to local lan

SCP is working properly, i just use other protocol. SCP is more secure

Best Regards and thanks for answer

Julien87 · ‎01-26-2022

Okay, you're welcome

have a nice day

Julien

Fortinet Community

Fortigate 30D - FTP Backup

News & Articles

Security Research

Company

Contact Us