Hi all, we have a Security Fabric containing 1 root FortiGate and 6 downstream FortiGates, and I am trying to create an automation stitch on the root FortiGate for automatic FTP backups. The problem is that after I configure the CLI script, I get a backup only from the root FortiGate, even though the action is synchronized with the other FGTs.
Furthermore, I can see the other FortiGates' CPU is almost hitting 100% and there are many traffic logs toward the FTP server (so obviously they are sending or trying to send). The FTP server is reachable from each of them.
And also, is there a way to put some variable (for example HOSTNAME%%) to create unique file names for every FortiGate?
The syntax I am using is:
execute backup full-config ftp FTP-Folder/ <my FTP IP address>:21 <my username> <my password>
Is the FTP server on Windows? Can you make sure the file override permission is there for <my username>?
If you have a non-Windows based FTP server, the solution in the article below works to create unique file names (not sure if %HOSTNAME% works, but we can give it a try)
Add the variable %%devname%% to the file name to help differentiate them. This will be the hostname of the FortiGate.
Nope, still not working. The variable %%devname%% is generating the filename "%%devname%%", not the hostname of the FGT.
Are you using an automation stitch or cli? %%devname%% is producing "hostname" in the Automation stitch. If using CLI you could try a regular environmental variable such as $SerialNum to differentiate by serial number.
Yeah, you are right. When in an automation stitch, %%devname%% is generating the hostname, but when you try to paste this into the CLI, it's not working, but I can confirm that:
execute backup full-config ftp <folder>/%%devname%% <IP:port> <username> <pass>
is working.
The FTP server is Linux based and actually is receiving backups from our other FortiGates (from different branch offices), so I am sure the user has enough permissions.
If my script is something like this:
execute backup config ftp #fgt_%%date%%_%%time%%.conf
I assume it will be the same for all FGTs on the Security Fabric, so all backup files will look like this:
"fgt_2021-12-30_11:37:58.conf" and I can't differentiate which one is from whom...