Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
klaughin
New Contributor

Created on ‎05-26-2023 06:06 AM

Backup Configuration from different network

Recently I upgraded a FortiGate 100E from FortiOS 6.4.X to 7.0.X. Since then, I am no longer able to backup the configuration automatically. Here is a basic topology of my network. 

 

 

Screenshot 2023-05-26 085703.png

 

when running the "execute backup config" command from CLI I get the error 

"Send config file to ftp server via vdom root failed.
Command fail. Return code 5"

From CLI, when running "exec ping 192.168.2.10" I do not get a response. However, when I set the source of the ping to "192.168.1.2" I DO get a response. 

I assume I need to source the exec backup config command as well. How do I route this properly?

Labels:
801
0 Kudos
1 Solution
srajeswaran
Staff
Staff

Created on ‎05-26-2023 06:22 AM Edited on ‎05-26-2023 06:25 AM

Can you confirm the best route is via 192.168.1.1 ?

get router info routing-table details 192.168.2.10

 

If the best route is not via 192.168.1.1, the source IP may be of the corresponding intreface and the destination may not have a route back. Running below sniffer can confirm if the packet is leaving firewall and if there is return packet

execute ping to 192.168.2.10 from a terminal and collect sniffer on another terminal

diagnose sniffer packet any "host 192.168.2.10 and proto 1" 4

 

 

 

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

793
0 Kudos
2 REPLIES 2
srajeswaran
Staff
Staff

Created on ‎05-26-2023 06:22 AM Edited on ‎05-26-2023 06:25 AM

Can you confirm the best route is via 192.168.1.1 ?

get router info routing-table details 192.168.2.10

 

If the best route is not via 192.168.1.1, the source IP may be of the corresponding intreface and the destination may not have a route back. Running below sniffer can confirm if the packet is leaving firewall and if there is return packet

execute ping to 192.168.2.10 from a terminal and collect sniffer on another terminal

diagnose sniffer packet any "host 192.168.2.10 and proto 1" 4

 

 

 

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
794
0 Kudos
klaughin
New Contributor
In response to srajeswaran

Created on ‎05-26-2023 07:15 AM

I was not aware of this diagnosis command, thank you!

 

This showed me a rogue route that had been setup before that was no longer needed. Not sure why this issue only presented itself after the firmware update, but removing that rogue route has resolved the issue. 

 

Thank you!

777
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.