raphael_lage
New Contributor

Auto-script override

Hello guys. First of all, sorry for my bad English. On the FortiGate that we use in my company, I configured an automatic script so that a full backup of my FortiGate is made every day.

I am moving the .conf file to a server through TFTP, but the backup is overwritten. Is there a way to not overwrite it?

Can each day's backup create a new file and move it to the server? Example: Backup_20180508 on the first day, Backup_20180509 on the second day, and so on.

 

Thank you guys

Iescudero
Contributor II

Hi there!

You can do this with pscp.

1) Create a user with read-only privileges on the FortiGate, i.e. user: backup, password: 1234.

2) In a file share (i.e. D:\backup\), put PSCP.EXE and create a BAT file with this:

rem The date offsets below assume a dd/mm/yyyy regional date format.
set DESTINATION=D:\backup
set FECHA=%date:~6,4%%date:~3,2%%date:~0,2%
set LOG=D:\backup\backup.log
rem The backslash after DESTINATION keeps the file inside D:\backup.
echo Y|pscp -P 22 -pw 1234 backup@192.168.0.1:sys_config %DESTINATION%\FORTIGATE%FECHA%.conf >> %LOG%

192.168.0.1 is the IP of your FortiGate. In the BAT file the user and password are stored in clear text, so that's why a read-only user is necessary, but if you don't mind, you can use the admin user.

3) Create a scheduled task in Windows to execute the BAT file.

In addition: just check that SCP is enabled on your FortiGate:

config system global
set admin-scp enable
end

And of course, you have to download pscp: http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

Hope it helps!

raphael_lage

Thanks for the help lescudero.

 

I followed the steps, but I did not succeed in generating the backup file.

 

I downloaded PSCP.exe and placed the file inside a shared folder, which is on a backup server.

 

Example: \\ 192.168.1.10 \ Backup Firewall

I created the .BAT file with the following settings:

 

set DESTINATION = \\ 192.168.1.10 \ Backup Firewall

set DATE =% date: ~ 6.4 %% date: ~ 3,2 %% date: ~ 0,2%

set LOG = \\ 192.168.1.10 \ Backup.log

echo Y | pscp -P 22 -pw 1234 @ user_backup@192.168.1.1: sys_config% DESTINATION% FORTIGATE% DATE% .conf >>% LOG%

 

I created a task on windows to run the BAT every 1 minute to test and it is not generating any backup files.

 

Note: I checked in my fortigate and SCP is enabled. The user_backup only has read permission on my fortigate and I created it as a local user, is that correct?

 

Thanks again.

Iescudero

Hi there! you're welcome!

The user_backup must be an administrator user with read-only permissions.

Also you can do two things:

1) Execute the bat manually and check if the configuration file is created.

2) Open Backup.log with Notepad and check if you can see any issue.

 

 

raphael_lage

Hello!

User_backup is an administrator.

I executed the bat manually and it opens and closes quickly, but no files are created.

Is it necessary to do anything with PSCP.exe? Or does it just need to be in the folder?

I've attached an image of how the structure is.

Thank you

 
Iescudero

Ok, you can do the same thing with a cmd manually.

Open a cmd and copy and paste every line in the bat file and see the output. If there is something wrong in the syntax or you have a typo, you can find it by doing this.

raphael_lage

On the line

echo Y | pscp -P 22 -pw 1234 User_backup@192.168.1.1: sys_config% DESTINATION% FORTIGATE% DATE% .conf >>% LOG%

It gave the following error: The network name can not be found
Iescudero

That is the last line; you must start with the first one:

1) set DESTINATION=\\192.168.1.10\Backup Firewall

   A) Delete the spaces between words: set DESTINATION = \\ 192.168.1.10 \ Backup Firewall

   B) This creates an environment variable with the name DESTINATION which points to your file share.

   C) You can find more information about this on this site: https://ss64.com/nt/set.html

   D) Also check the folder Backup Firewall, because you have a space between those two words.

   E) Try to create the file share and assign it the letter D. I didn't try with

If this goes right, try the next sentence and go on.

raphael_lage

Thank you very much.

 

Worked perfectly.

 

The problem was in the path. I changed to D: and it worked.

 

Thank you
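
A hardened variant of the BAT recipe discussed in this thread, as an added example that is not part of any poster's reply: it quotes every `set` assignment, builds the date stamp without relying on the regional date format, pins the FortiGate host key with `-hostkey` instead of piping `Y` into the prompt, and authenticates with a key file instead of `-pw`. The paths, the key file name and the fingerprint placeholder are assumptions, as is a matching public key being registered on the FortiGate for the read-only admin.

```batch
@echo off
rem Added example: hardened variant of the thread's BAT file. All values are placeholders.
setlocal EnableExtensions

rem Quote each assignment and leave no spaces around "=".
rem "set DESTINATION = x" defines a variable named "DESTINATION " (with a
rem trailing space), so the DESTINATION variable used by pscp stays empty.
set "DESTINATION=D:\backup"
set "LOG=%DESTINATION%\backup.log"
set "FGT=192.168.0.1"
set "FGT_USER=backup"
rem Assumed path: private key of the read-only admin. Restrict its NTFS ACL
rem to the account that runs the scheduled task.
set "KEYFILE=D:\backup\keys\fgt_backup.ppk"
rem Placeholder: replace with the FortiGate's real host key fingerprint,
rem in the format your pscp version prints.
set "HOSTKEY=SHA256:REPLACE_WITH_FORTIGATE_HOST_KEY_FINGERPRINT"

rem The built-in date variable follows the regional format, so build
rem yyyyMMdd independently of it.
for /f %%i in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd"') do set "STAMP=%%i"
set "OUTFILE=%DESTINATION%\FORTIGATE_%STAMP%.conf"

rem -batch disables interactive prompts and -hostkey pins the expected key, so
rem nothing is piped into the host key prompt and a changed key fails the run.
pscp -batch -P 22 -hostkey "%HOSTKEY%" -i "%KEYFILE%" "%FGT_USER%@%FGT%:sys_config" "%OUTFILE%" >> "%LOG%" 2>&1
if errorlevel 1 (
    echo %date% %time% FAILED: pscp returned %errorlevel% >> "%LOG%"
    exit /b 1
)

rem A missing or empty file counts as a failed backup.
if not exist "%OUTFILE%" (
    echo %date% %time% FAILED: "%OUTFILE%" was not created >> "%LOG%"
    exit /b 1
)
for %%F in ("%OUTFILE%") do if %%~zF LSS 1 (
    echo %date% %time% FAILED: "%OUTFILE%" is empty >> "%LOG%"
    exit /b 1
)
echo %date% %time% OK: wrote "%OUTFILE%" >> "%LOG%"
exit /b 0
```

Run it once from an interactive cmd window before scheduling it, as suggested in the thread, so that any syntax or path error is visible on screen.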
