Hello guys. First of all, sorry for my bad English. On the FortiGate that we use in my company, I configured an automatic script so that a full backup of my FortiGate is made every day.
I am moving the .conf file to a server through TFTP, but the backup is overlapped. Is there a way to not overlap?
Each day I generate the new backup, create a new file and move it to the server? Example: Backup_20180508 the first day, Backup_20180509 the second day, and so on.
Thank you guys
Hi there!
You can do this with pscp.

1) Create a user with read-only privilege in the FortiGate, i.e. user backup, password: 1234

2) In a file share (i.e. D:\backup\), put PSCP.EXE and create a BAT file with this:

set DESTINATION=D:\backup
rem FECHA becomes YYYYMMDD, assuming %date% is formatted as DD/MM/YYYY
set FECHA=%date:~6,4%%date:~3,2%%date:~0,2%
set LOG=D:\backup\backup.log
rem "echo Y" answers the pscp host key prompt; output is appended to the log
echo Y|pscp -P 22 -pw 1234 backup@192.168.0.1:sys_config %DESTINATION%\FORTIGATE%FECHA%.conf >> %LOG%

192.168.0.1 is the IP of your FortiGate. In the BAT file the user and password are stored in clear text, so that's why a read-only user is necessary, but if you don't mind, you can use the admin user.

3) Create a scheduled task in Windows to execute the bat.

In addition: just check that SCP is enabled in your FortiGate:

config system global
set admin-scp enable
end

And of course, you have to download pscp: http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Hope it helps!
Thanks for the help lescudero.
I followed the steps, but I did not succeed in generating the backup file.
I downloaded PSCP.exe and placed the file inside a shared folder, which is on a backup server.
Example: \\ 192.168.1.10 \ Backup Firewall

I created the .BAT file with the following settings:
set DESTINATION = \\ 192.168.1.10 \ Backup Firewall
set DATE =% date: ~ 6.4 %% date: ~ 3,2 %% date: ~ 0,2%
set LOG = \\ 192.168.1.10 \ Backup.log
echo Y | pscp -P 22 -pw 1234 @ user_backup@192.168.1.1: sys_config% DESTINATION% FORTIGATE% DATE% .conf >>% LOG%
I created a task in Windows to run the BAT every 1 minute to test, and it is not generating any backup files.
Note: I checked in my FortiGate and SCP is enabled. The user_backup only has read permission on my FortiGate and I created it as a local user, is that correct?
Thanks again.
Hi there! you're welcome!
The user_backup must be an administrator user with read-only permissions.
Also you can do two things:
1) Execute the bat manually and check if the configuration file is created.
2) Open Backup.log with Notepad and check if you can see any issue.
Ok, you can do the same thing with a cmd manually.
Open a cmd, copy and paste every line of the bat file and see the output. If there is something wrong in the syntax or you have a typo, you can find it by doing this.
On the line
echo Y | pscp -P 22 -pw 1234 User_backup@192.168.1.1: sys_config% DESTINATION% FORTIGATE% DATE% .conf >>% LOG%
It gave the following error: The network name can not be found
That is the last line; you must start with the first one:
1) set DESTINATION=\\192.168.1.10\Backup Firewall
A) Delete the spaces between words: set DESTINATION = \\ 192.168.1.10 \ Backup Firewall
B) This creates an environment variable with the name DESTINATION which points to your file share.
C) You can find more information about this on this site: https://ss64.com/nt/set.html
D) Also check the folder Backup Firewall, because you have a space between those two words.
E) Try to create the file share and assign it the letter D. I didn't try with
If this goes right, try the next sentence and go on.
Thank you very much.
Worked perfectly.
The problem was in the way. I changed to D: and it worked.
Thank you
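A hardened variant of the BAT file from this thread, as an added PowerShell example that is not from any poster: it builds the dated file name independently of the Windows date format, handles folders with spaces such as "Backup Firewall", never overwrites an earlier backup, and pins the FortiGate SSH host key instead of piping Y into pscp. The key file path, the host key fingerprint placeholder and key-based login for the read-only backup user are assumptions; the check on the first line assumes the usual `#config-version=` header of a FortiGate configuration file.

```powershell
# Added example, not code from the thread. Values marked "assumption" are placeholders.
$FortiGate   = '192.168.0.1'               # FortiGate IP used in the thread
$User        = 'backup'                    # read-only administrator from step 1
$Destination = 'D:\backup'                 # folder holding pscp.exe and the backups
$Pscp        = Join-Path $Destination 'pscp.exe'
$KeyFile     = 'D:\keys\fgt-backup.ppk'    # assumption: PuTTY key readable only by the task account
$HostKey     = 'SHA256:REPLACE_WITH_YOUR_FORTIGATE_FINGERPRINT'   # assumption: placeholder

# yyyyMMdd from Get-Date does not depend on the regional %date% layout.
$stamp  = Get-Date -Format 'yyyyMMdd'
$target = Join-Path $Destination "FORTIGATE_$stamp.conf"
$tmp    = "$target.part"
$log    = Join-Path $Destination 'backup.log'

function Write-Log([string]$Message) {
    ('{0} {1}' -f (Get-Date -Format s), $Message) | Add-Content -LiteralPath $log
}

# One file per day: an existing backup is never overwritten.
if (Test-Path -LiteralPath $target) {
    Write-Log "SKIP $target already exists"
    exit 0
}

# -batch disables every interactive prompt, so an unknown or changed host key
# fails the transfer instead of being accepted; -hostkey pins the expected key.
& $Pscp -batch -P 22 -hostkey $HostKey -i $KeyFile "$User@${FortiGate}:sys_config" $tmp 2>&1 |
    Add-Content -LiteralPath $log

if ($LASTEXITCODE -ne 0) {
    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    Write-Log "FAIL pscp exit code $LASTEXITCODE"
    exit 1
}

# Sanity check before the file is published under its final name.
$first = Get-Content -LiteralPath $tmp -TotalCount 1 -ErrorAction SilentlyContinue
if ($first -notlike '#config-version=*') {
    Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    Write-Log 'FAIL downloaded file does not look like a FortiGate configuration'
    exit 2
}

Move-Item -LiteralPath $tmp -Destination $target
Write-Log "OK $target"
```

The non-zero exit codes let the Windows scheduled task show a failed run instead of silently producing no file.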
Copyright 2024 Fortinet, Inc. All Rights Reserved.