ilucas
New Contributor

Automated Full-config backups

We would like to be able to schedule automated full-config backups to be offloaded to an FTP server. I know the FortiManager has backup capabilities of configs for its registered devices but we do not really need a full central management system (though it would be nice).

I'm wondering if anyone has used other solutions/workarounds to make this happen. I believe FortiMail or FortiWeb devices have a scheduled backup that can be run, but not FortiGate.

 

Thank you,

 

Ian

----

FG 200B/30D/60D/80D/100D/200D/300D

FE 200D

3 Solutions
Dave_Hall
Honored Contributor

See emnoc's post about scp or search link at the top of this page.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

TechnoR05
New Contributor III

Hello,

 

We use PuTTY, run from the TFTP server.

It's not the best security, also it is TFTP and all plain-text, but we have a task scheduled that does a backup every day of each vdom and also a full backup.

It's something like this:

The task runs a .bat file calling PuTTY and login info:

    C:\Putty.exe -ssh <Fortigate IP> -l <UserLoginName> -pw <UserPassword> -m C:\BackupGlobal.txt

And the txt files are similar to:

    config global
    exe backup config tftp <Filename> <ServerIP>
    end
    exit

Does what we need, you could probably build from there.

 

Regards


adikad
New Contributor

With the new FortiOS 5.4 you can now have a scheduled auto config backup!

    config system auto-script
        edit "backup"
            set interval (secs)
            set repeat ()
            set start auto
            set script "execute backup config tftp config.txt x.x.x.x"
        next
    end

cheers


25 Replies
emnoc
Esteemed Contributor III

Not possible. I prefer scp and using a script to set the date/hostname.

 

http://socpuppet.blogspot...ion-files-backups.html

PCNSE 

NSE 

StrongSwan  

JRoberts

Having difficulty finding specific information about the meaning of various "Return Code" values for a specific CLI Backup FTP error.

 

While executing a CLI backup command I have seen the command return the following error

 

Send config file to ftp server via vdom root failed.

 

with different accompanying return codes depending on the situation

 

Return Code 1

Return Code 5

Return Code 10

 

Does anyone know where I might find details of what these Return Codes mean relative to the error code, or if you can offer some idea of what they mean from personal experience.

 

Thanks in advance.

 

~James

ytlpsnet
New Contributor

Use a Linux server, then configure a script to schedule the backup as below:

    #!/bin/bash
    # Linux/UNIX
    SERVERS="your_fortigate_ip_address"
    # SSH user name and password
    # (variable renamed from PWD, which the shell uses for the working directory)
    USR="your_fortigate_username"
    PASS="your_fortigate_password"
    timestamp=$(date +"%y-%m-%d")
    # Connect to each host and copy its config over SCP
    # Note: StrictHostKeyChecking=no accepts any host key without verification
    for host in $SERVERS
    do
        sshpass -p "$PASS" scp -oStrictHostKeyChecking=no "$USR@$host:sys_config" /home/backup-fortigate-config/"$timestamp"_"$host".conf
    done
    echo 'Backup Completed!'
    exit

Make sure you have configured crontab for this script to back up on a schedule, like every 2 days or 1 week...

teamradon
New Contributor

As a note to those thinking of using SCP and a read-only user.  

 

I had this working and then when the time came to restore, the restore went fine except I could not login with an admin account!

If the SCP backup is taken with a read-only account, it does not get the config for your super user account(s). Yes I double checked that my read-only account has access to EVERYTHING. I did call support and they confirmed. I personally feel this is a huge flaw but.......

I have confirmed that if I connect and take the backup using SCP and using credentials for a super user that all user information is included. 

Thankfully I had a full backup that existed for this router and I was able to copy the necessary user info to the backup file and then restore.
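
The scheduled SCP pull and the read-only-account caveat above suggest checking each downloaded file before it is trusted as a restore point. The following is an added example, not code from any poster in this thread; it assumes the usual FortiOS text layout (a `#config-version=` first line, admin accounts under `config system admin` with `set accprofile`), and the function names, sample account names and the `ro_profile` profile are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a FortiGate backup before keeping it.
# Assumes the FortiOS text layout: "#config-version=" first line, admin accounts
# under "config system admin" with: set accprofile "<profile>".

# Print how many "config system admin" entries use the super_admin profile.
count_super_admins() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF line endings
        !depth && NF == 3 && $1 == "config" && $2 == "system" && $3 == "admin" { depth = 1; next }
        depth && $1 == "config" { depth++; next }   # nested block inside an entry
        depth && $1 == "end"    { depth--; next }
        depth == 1 && $1 == "set" && $2 == "accprofile" && $3 == "\"super_admin\"" { n++ }
        END { print n + 0 }
    ' "$1"
}

# Return 0 if the file looks restorable, otherwise a distinct non-zero code.
verify_backup() {
    [ -s "$1" ] || { echo "$1: missing or empty" >&2; return 2; }
    head -n 1 "$1" | grep -q '^#config-version=' ||
        { echo "$1: no #config-version header" >&2; return 3; }
    [ "$(count_super_admins "$1")" -ge 1 ] ||
        { echo "$1: no super_admin account in backup" >&2; return 4; }
}

# Constructed sample backups (not real device output; names are made up).
write_samples() {
    cat > "$1/full.conf" <<'EOF'
#config-version=FGT-SAMPLE:opmode=0:vdom=0:user=admin
config system admin
    edit "admin"
        set accprofile "super_admin"
        config dashboard
        end
    next
    edit "backup-ro"
        set accprofile "ro_profile"
    next
end
EOF
    # The same file minus the super_admin entry, as in the read-only SCP case.
    sed '/edit "admin"/,/next/d' "$1/full.conf" > "$1/readonly.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp/full.conf" "$tmp/readonly.conf"; do
    verify_backup "$f" && echo "OK   $f" || echo "FAIL $f (code $?)"
done
rm -rf "$tmp"
```

Calling `verify_backup` on each file right after the `scp` line in a cron script, and alerting on a non-zero return, surfaces an incomplete backup on the day it is taken rather than at restore time.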

lscunha
New Contributor

Followed this tutorial http://kb.fortinet.com/kb....do?externalID=FD39818

And got the same error,

 

Send config file to ftp server via vdom root failed. Command fail. Return code 5

Has anyone fixed it?

sruthi_reddy

Hello lscunha , JRoberts ,

 

FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password

Please wait...

Connect to ftp server 10.160.96.88 ... Send config file to ftp server via vdom root failed. Command fail. Return code 5

 

 

Received the same error. 

 

I followed https://phoenixnap.com/kb/install-ftp-server-on-ubuntu-vsftpd to install vsftpd on Ubuntu Server.

 

Ran a tcpdump on the server: sudo tcpdump -i any port 21 -vvvv

 

Observed error message: 550 permission denied 

 

Had to edit the vsftpd.conf file to change the setting write_enable=NO to write_enable=YES, and it worked.

It seems to be a permission issue on the FTP server. Can you please run tcpdump on the server and post here?

 

After changing settings, I was able to send the file:

 

FGT (root) # execute backup full-config ftp /srv/ftp/ch4.conf 10.160.96.2 username password

Please wait...

Connect to ftp server 10.160.96.88 ... Send config file to ftp server OK.

 

Hope that helps.  :) 

 

 

Thanks,

Sruthi

NSE7
