Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zmk
New Contributor

Fortigate 30D - FTP Backup

Hello,

i would to to implement automated fortigates backups.

I have to use two solutions. FTP and SCP. But i have issue with FTP

 

I used comnad:

execute backup full-config ftp name.config ip user passwd

 

zmk_0-1643156594869.png

 

At my main router where i have a VM with FTP in the same subnet. (Source:10.1.1.2)

But in other locations connected by ipsec i have a problems (10.1.12.0). Connection between 10.1.12.0 <-> 10.1.1.234 its working. But only if i chose my internal interface. From global cli doesnt work. I dont use a vdoms at this FG.

 

zmk_1-1643157069042.png

 

My interface configuration:

 

zmk_3-1643157210810.png

 

After Executed backup from CLI i got that:

 

zmk_4-1643157342673.png

I run PCAP and i could see a source WAN address. How can i change it to address from WAN to internal interface 10.1.12.253 ?

zmk_5-1643157471769.png

 

Thanks for any help

 

 

3 REPLIES 3
Julien87
New Contributor III

Hi Zmk,

 

I don't think there is the output interface setting.
However, you can use a local lan address as a Virtual IP address (example 10.1.12.250 if free) to the backup FTP server address.   

The virtual IP would be :   external IP 10.1.12.250 map to 10.1.1.234 for the port 21 (ftp)


So the for backup command would be:   execute backup full-configuration ftp fg.conf 10.1.12.250 fg test123

 

i have try this configuration in lab , it's ok for me after this change.

 

Best regards

Julien
zmk
New Contributor

Julien, thanks for your repley

I tried that, and any results:

 

zmk_0-1643207540965.png

 

Trafic destination was changed from IPSEC tunnel to local lan

zmk_1-1643207825036.png

 

SCP is working properly, i just use other protocol. SCP is more secure

Best Regards and thanks for answer

Julien87
New Contributor III

Okay, you're welcome

have a nice day

 

 

Julien