Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Naga
New Contributor

Created on ‎08-05-2015 05:54 PM

Error when restoring a configuration using SCP

Hello, 

 

I tried to use restoring configuration with following scp command:

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/basic_setup.096...

(I don't use fgt_restore_config, but fgt-restore-config)

 

It seems restoring was finished, but there were two problems,

 

1) Received following errors before restore

#scp <local_file> <admin_user>@<host>:fgt-restore-config <admin_user>'s password: <local_file>

printcmdb.c, 1928: node_get_from_object error for global printcmdb.c, 1928: node_get_from_object error for interface printcmdb.c, 1928: node_get_from_object error for admin printcmdb.c, 1928: node_get_from_object error for ha printcmdb.c, 1928: node_get_from_object error for storage printcmdb.c, 1928: node_get_from_object error for device-category printcmdb.c, 1928: node_get_from_object error for storage printcmdb.c, 1928: node_get_from_object error for fortiguard printcmdb.c, 1928: node_get_from_object error for console

End Restore <local_file> to <host>

 

2) It seems something is wrong, for example, exec traceroute received error like this;

*traceroute: sendto: Operation not permitted 

 

Any idea to solve this?

 

Thanks in advance.

 

 

 

 

Labels:
10563
0 Kudos
13 REPLIES 13
Naga
New Contributor
In response to emnoc

Created on ‎08-10-2015 05:58 PM

It's good news for me that using "fgt-restore-config" is regular way. 

 

The "diff" between WebGUI and SCP shows that only private key infomation (DEK-Info and private key body) is different. I couldn't find any other difference between these two configurations which I took both in 5 miniutes ago.

 

I tried to upload WebGUI configuration via SCP just in case, but result is same, had same errors.

 

Thanks,

1689
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎08-10-2015 07:03 PM

Can I ask a very dumb question, the  username your using to restore  what's the acc_profile for that user ( all read-write )?

If the "accprofile" doesn't let that user write, I could see that error. That's about the only issues I could think of.

 

So let make 100% sure, that  this is not a account profile restriction issue.

 

And on the restoral anything with <fgt-restore-config> in the name , will work if your ever curiouse.g

mybigfatfgt-restore-config works just as good as  fgt-restore-config

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1689
0 Kudos
Naga
New Contributor
In response to emnoc

Created on ‎08-11-2015 05:52 PM

Hi Ken,

I use "admin" which is given by system as default. I didn't have changed any acc_profile for this FG. Also, updating operation to new configuration file shows writing operation is allowed.

 

FYI, I use shell-script for restoring so operation is always executed with same way.

 

Thanks,

1689
0 Kudos
Allwyn_Mascarenhas
Contributor

Created on ‎09-15-2015 03:04 AM

I have made this batch file for conf dload using scp, works great. Put it all in notepad and change the extension to .bat.

 

Also enable scp on the fgt:



conf sys global


 set admin-scp enable


end


 


echo off
echo firewall backup
set /p cn=Enter client:
set /p ip=Enter ip:
set /p un=Enter un:
set /p pwr=Enter pw:
echo
cd c:\Program Files\PuTTY
pscp -pw %pwr% %un%@%ip%:sys_config c:\backup\%cn%-%DATE%-%TIME::=%.conf
PAUSE



					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			 
 


		
			
					
		
	
				
		
			
					
			
		
				
		
			
		
			
					
				
		
	
	


		

	

		

			
		

			
		

	

		

			

	
		
			

  1689


		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Kudos

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
			
					
				
		
	
	


		

			

	
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



		
		
	


	

	




			
				


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


			
		

	

	

				
		
		
			
		
	
	


		

			

	
		
			
 
Announcements

	
    	
Check out our Community Chatter Blog!
Click here to get involved
        
    

 

		
			
		
			
 
Labels

	
	
	

		
			

	

		
 

		

			

				
					

						

							
								
        
	
							
						

					

				
				

					

						
		
				

					

	
	


				

			
	
					

				

			

		

		
 

	



			
		
	


 

		
			
 
Top Kudoed Authors


	

	

	

	
		

	 
	
	
	


	
	
View all



 

		
	
	


		

	

		

			
		

	

		

			

	
		
			

	

		

			

	
		
			
		
	
	


		

	

		

			

	
		
			
 
 
 
  
 Broad. Integrated. Automated. 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
 
 
 Social Media  
 
 
 Security Research  
 
 Company  
 
 
 News & Articles  
 
 Contact Us  
 
 
 



		

			
Copyright  2025 Fortinet, Inc. All Rights Reserved.