Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Joro5928
New Contributor II

Automation stitch on downstream Fortigate

Hi all, we have Security fabric containing 1 root fortigate and 6 downstream Fortigates and i am trying to create an automation stitch on the root Fortigate for automatic ftp backups. The problem is that after i configure CLI script , i get backup only from the root Fortigate even though the action is synchronized with other FGTs.

Furthermore i can see other Fortigates CPU is almost hiting the 100% and there are many traffic logs toward the FTP server ( so obviously they are sending or trying to send). The FTP server is reachable from every of them.

And also is there a way to put some variable ( for example HOSTNAME%% ) to create unique file names for every Fortigate.

 

The syntax i am using is:

 

execute backup full-config ftp FTP-Folder/ <my FTP IP address>:21 <my username> <my password>

1 Solution
Sam_FTNT

Are you using an automation stitch or cli? %%devname%% is producing "hostname" in the Automation stitch. If using CLI you could try a regular environmental variable such as $SerialNum to differentiate by serial number. 

NSE8#3306

View solution in original post

6 REPLIES 6
srajeswaran
Staff
Staff

Is the FTP server on Windows? Can you make sure the file override permission is there for <my username>?

If you have a non-windows based FTP server, the solution in below article works to create unique file names (not sure if %HOSTNAME% works, but we can give a try)

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-date-and-time-in-file-name-for-sche...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Sam_FTNT

Add the variable %%devname%% to the file name to help differentiate them. This will be the hostname of the FortiGate. 

NSE8#3306
Joro5928
New Contributor II

Nope, still not working.. The variable %%devname%% is generating filename "%%devname%%" , not the hostname of the FGT.

Sam_FTNT

Are you using an automation stitch or cli? %%devname%% is producing "hostname" in the Automation stitch. If using CLI you could try a regular environmental variable such as $SerialNum to differentiate by serial number. 

NSE8#3306
Joro5928
New Contributor II

Yeaah, you a right. When in automation stitch, the %%devname%% is generating the hostname, but when you try to paste this into CLI, it's not working, but i can confirm that:
execute backup full-config ftp <folder>/%%devname%% <IP:port> <username> <pass>
is working.

Joro5928
New Contributor II

The ftp server is linux based and actually is recieving backups from other our fortigates ( from different  branch offices) so i am sure the user have enough permissions.

If my script is something like this:

execute backup config ftp #fgt_%%date%%_%%time%%.conf

 

i assume it will be the same for all FGTs on security fabric so all backup files will look like this:

""fgt_2021-12-30_11:37:58.conf "" and i can't differentiate which one is from who...

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors