Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Naga
New Contributor

Created on ‎08-05-2015 05:54 PM

Error when restoring a configuration using SCP

Hello, 

 

I tried to use restoring configuration with following scp command:

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/basic_setup.096...

(I don't use fgt_restore_config, but fgt-restore-config)

 

It seems restoring was finished, but there were two problems,

 

1) Received following errors before restore

#scp <local_file> <admin_user>@<host>:fgt-restore-config <admin_user>'s password: <local_file>

printcmdb.c, 1928: node_get_from_object error for global printcmdb.c, 1928: node_get_from_object error for interface printcmdb.c, 1928: node_get_from_object error for admin printcmdb.c, 1928: node_get_from_object error for ha printcmdb.c, 1928: node_get_from_object error for storage printcmdb.c, 1928: node_get_from_object error for device-category printcmdb.c, 1928: node_get_from_object error for storage printcmdb.c, 1928: node_get_from_object error for fortiguard printcmdb.c, 1928: node_get_from_object error for console

End Restore <local_file> to <host>

 

2) It seems something is wrong, for example, exec traceroute received error like this;

*traceroute: sendto: Operation not permitted 

 

Any idea to solve this?

 

Thanks in advance.

 

 

 

 

Labels:
10556
0 Kudos
13 REPLIES 13
emnoc
Esteemed Contributor III

Created on ‎08-06-2015 11:45 PM

OP is the config file correct for the FortiOS version your running? Look at the 1st 3 lines of the cfg validate the right file by type and  version.

e.g

 

#config-version=FWF60D-5.02-FW-build670-150318:opmode=0:vdom=1:user=admin #conf_file_ver=12854391105018001111 #buildno=0670

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4465
0 Kudos
Naga
New Contributor
In response to emnoc

Created on ‎08-07-2015 01:09 AM

Yes, it's same.

 

#config-version=FG100D-5.00-FW-build292-140731:opmode=0:vdom=1:user=<admin_user> #conf_file_ver=327945981713478992 #buildno=0292

 

FYI, firmware version is this: v5.0,build0292 (GA Patch 9)

 

Thanks,

 

4465
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎08-07-2015 02:14 AM

could it be a bug ?

 

What I would do;

 

1: down load a unencrypted backup

 

2: diff the 1st one you tried  to the newly created backup

 

3: try to re-upload the newly create backup and see what happens

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4465
0 Kudos
Naga
New Contributor
In response to emnoc

Created on ‎08-09-2015 08:32 PM

Hi emnoc,

 

I tired to test.

 

1: Saved current configration which has error (as "current.config")

2: Factory reset + basic configration, settting IP and enabling SCP (as "basic.config" ) 3: The results are:     (restoring with scp command)     from basic.config to current.config -> No error     from basic.config to basic.config -> No error     from current.config to basic.config -> Error     from current.config to current.config -> Error

 

It seems scp self do not have a bug, and current.config has setting(s) which makes error in case of changing that.

 

I wish you have some ideas for this.

 

Thanks,

4465
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎08-10-2015 02:16 AM

I have the suspicion that you are using VDOMs, and the restore only affected the root VDOM. Can you clarify, please?

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4465
0 Kudos
Naga
New Contributor
In response to ede_pfau

Created on ‎08-10-2015 02:40 AM

I am using VDOMs, but restore is not affected only to root VDOM, but to all VDOMs.

 

Is scp restore command only for the configuration without virtual clustering ? 

 

Thanks,

4465
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎08-10-2015 03:20 AM

Content differs depending on the filename you are pulling: either sys_config (regular) or fgt-config (with all VDOM settings).

Have a look at this thread: https://forum.fortinet.com/tm.aspx?m=114055

 

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4465
0 Kudos
Naga
New Contributor
In response to ede_pfau

Created on ‎08-10-2015 03:48 AM

Hi ede_pfau,

 

I'm getting configuration by using "fgt-config", found at here;

http://docs-legacy.fortin...asic_setup.096.53.html

 

after that, I use follwing command for restoring.

#scp <local_file> <admin_user>@<host>:fgt-restore-config

 

I found this command in this url:

http://docs-legacy.fortin...asic_setup.096.55.html

 

In this url, we should use "fgt_retsore_config" but this is not work so I use "fgt-restore-config". (guessing fgt_restore_config is typo)

 

Thanks,

 

 

4465
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎08-10-2015 04:45 AM

Did you diff the download via the webgui and the scp download? if the configuration is messed up  or different, I expect the unit to complain and fall over with errors.

 

And yes you can use the "fgt-restore-config" in fact I think anything with  fgt-restore in it will work :)

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4465
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.