We would like to be able to schedule automated full-config backups to be offloaded to an FTP server. I know the FortiManager has backup capabilities of configs for its registered devices but we do not really need a full central management system (though it would be nice).
I'm wondering if anyone has used other solutions/workarounds to make this happen. I believe FortiMail or FortiWeb devices have a scheduled backup that can be run, but not FortiGate.
Thank you,
Ian
----
FG 200B/30D/60D/80D/100D/200D/300D
FE 200D
See emnoc's post about scp or search link at the top of this page.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hello,
We use putty run from the tftp server.
It's not the best security, also it is TFTP and all plain-text, but we have a task scheduled that does a backup every day of each vdom and also a full backup.
It's something like this:
The task runs a .bat file calling putty and login info:
C:\Putty.exe -ssh <Fortigate IP> -l <UserLoginName> -pw <UserPassword> -m C:\BackupGlobal.txt
And the txt files are similar to:
config global
exe backup config tftp <Filename> <ServerIP>
end
exit
Does what we need, you could probably build from there.
Regards
With the new FortiOS 5.4 you can now have a scheduled auto config backup!
config system auto-script
    edit "backup"
        set interval (secs)
        set repeat ()
        set start auto
        set script "execute backup config tftp config.txt x.x.x.x"
    next
end
cheers
Not possible. I prefer the scp and using a script to set the date/hostname.
http://socpuppet.blogspot...ion-files-backups.html
PCNSE
NSE
StrongSwan
Having difficulty finding specific information about the meaning of various "Return Code" values for a specific CLI Backup FTP error.
While executing a CLI backup command I have seen the command return the following error
Send config file to ftp server via vdom root failed.
with different accompanying return codes depending on the situation
Return Code 1
Return Code 5
Return Code 10
Does anyone know where I might find details of what these Return Codes mean relative to the error code, or if you can offer some idea of what they mean from personal experience.
Thanks in advance.
~James
Use a Linux server, then configure a script to schedule the backup as below:
#!/bin/bash
# linux/UNIX
# FortiGate addresses to back up (space-separated)
SERVERS="your_fortigate_ip_address"
# SSH user name
USR="your_fortigate_username"
# Named PASS rather than PWD, which bash already uses for the current directory
PASS="your_fortigate_password"
timestamp=$(date +"%y-%m-%d")
# connect to each host
for host in $SERVERS
do
    # StrictHostKeyChecking=no accepts any host key without verifying it
    sshpass -p "$PASS" scp -oStrictHostKeyChecking=no "$USR@$host":sys_config /home/backup-fortigate-config/"$timestamp"_"$host".conf
done
echo 'Backup Completed!'
exit
Make sure you have configured crontab for this script to run the backup on a schedule, like every 2 days or 1 week...
As a note to those thinking of using SCP and a read-only user.
I had this working and then when the time came to restore, the restore went fine except I could not log in with an admin account!
If the SCP backup is taken with a read-only account, it does not get the config for your super user account(s). Yes I double checked that my read-only account has access to EVERYTHING. I did call support and they confirmed. I personally feel this is a huge flaw but.......
I have confirmed that if I connect and take the backup using SCP and using credentials for a super user that all user information is included.
Thankfully I had a full backup that existed for this router and I was able to copy the necessary user info to the backup file and then restore.
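A post-backup check for the pitfall described in the post above, as an added example that is not part of the original thread: it fails when a backup file carries no admin entry with the super_admin profile. It assumes the usual FortiOS CLI text layout (`config system admin`, `edit`, `set accprofile`); the function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: check that a FortiGate backup file still carries a super_admin.
# Assumes the usual FortiOS CLI text layout (config / edit / set / next / end).

# Print the name of every admin whose access profile is super_admin.
list_super_admins() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }     # tolerate indentation and CRLF
        $0 == "config system admin" { in_admin = 1; depth = 0; next }
        !in_admin { next }
        $1 == "config" { depth++; next }            # nested table inside an entry
        $1 == "end" { if (depth == 0) in_admin = 0; else depth--; next }
        depth == 0 && $1 == "edit" { name = $2; gsub(/"/, "", name); next }
        depth == 0 && $1 == "set" && $2 == "accprofile" {
            prof = $3; gsub(/"/, "", prof)
            if (prof == "super_admin") print name
        }
    ' "$1"
}

# 0 = usable, 1 = missing or empty file, 2 = no super_admin account inside.
verify_backup() {
    [ -s "$1" ] || { echo "FAIL: $1 is missing or empty" >&2; return 1; }
    local admins
    admins=$(list_super_admins "$1" | paste -sd, -)
    [ -n "$admins" ] || { echo "FAIL: $1 has no super_admin account" >&2; return 2; }
    echo "OK: $1 super_admin accounts: $admins"
}

# Constructed sample backups (not taken from a real device).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/full.conf" <<'EOF'
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "backup_ro"
        set accprofile "read_only"
    next
end
EOF
# The same file with the super_admin entry missing, which is what the post
# above reports for a backup pulled with a read-only account.
sed '/edit "admin"/,/next/d' "$SAMPLES/full.conf" > "$SAMPLES/readonly.conf"

verify_backup "$SAMPLES/full.conf"
verify_backup "$SAMPLES/readonly.conf" || echo "exit code $?"
```

Calling `verify_backup` from the backup script right after each transfer, and alerting on a non-zero exit, surfaces an unrestorable backup on the day it is taken rather than on the day of the restore.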
Followed this tutorial http://kb.fortinet.com/kb....do?externalID=FD39818
And got the same error,
Send config file to ftp server via vdom root failed. Command fail. Return code 5
Has anyone fixed it?
FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password
Please wait...
Connect to ftp server 10.160.96.88 ... Send config file to ftp server via vdom root failed. Command fail. Return code 5
Received the same error.
I followed https://phoenixnap.com/kb/install-ftp-server-on-ubuntu-vsftpd to install vsftpd on Ubuntu Server.
Ran a tcpdump on the server: sudo tcpdump -i any port 21 -vvvv
Observed error message: 550 permission denied
I had to edit the vsftpd.conf file to change the setting write_enable=NO to write_enable=YES, and it worked.
It seems to be a permission issue on the FTP server. Can you please run tcpdump on the server and post the output here?
After changing settings, I was able to send the file:
FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password
Please wait...
Connect to ftp server 10.160.96.88 ... Send config file to ftp server OK.
Hope that helps. :)
Thanks,
Sruthi
NSE7