Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gllgeorgiev92
New Contributor

Forti backups to Azure blob

Hi guys, i am trying to configure our Fortigates to send scheduled backups to Azure blob storage, but with no success.
I've set up a blob containers and a webhook on Forti side, but keep recieving this error when triggering the automation:
auto_curl_perform()-107: Curl perform error:22 - HTTP response code said error.
__action_webhook_status()-150: Failed to perform curl for url:https://....... ( URL to my containers)

Here is my webhook action:
---------------------------------------------------------------------------------------------------
config system automation-action
edit "HTTP-to-azure"
set action-type webhook
set protocol https
set method put
set uri "<HIDDEN>.blob.core.windows.net/<HIDDEN>"
set http-body "%%results%%"
set port 443
config http-headers
edit 4
set key "Content-Type"
set value "text/plain"
next
end
set verify-host-cert disable
next
end

----------------------------------------------------------------------------------------------

I am pretty sure that my Azure configuration is working, because from Azure explorer app , when connecting to blob container using the same link as on the Forti side, i can upload and see files.

7 REPLIES 7
ozkanaltas
Valued Contributor III

Hello @gllgeorgiev92 ,

 

You can use Sftp backup instead of webhook. I think, this way more easier.  

 

You can read these articles, Azure blob storage sftp support and how to configure automated backup on FortiGate. 

 

https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-send-automated-backups-of-the-confi...

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
gllgeorgiev92
New Contributor

Thank you @ozkanaltas , i  am aware of the SFTP backup solution, but it is the more cost expensive way ( SFTP is charged on hour basis)

ozkanaltas
Valued Contributor III

Hello @gllgeorgiev92 ,

 

I understand your concern. 

 

I found one article similar to your error. I think this is related to the http-body side. 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Curl-perform-error-22-with-Microsoft-Teams...

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
gllgeorgiev92
New Contributor

Thank you, i saw this article and double check it - seems like we don't have this double back slash issue:

 

set http-body "%%results%%"

dbhavsar
Staff
Staff

Hi @gllgeorgiev92 ,

 

can you run these debugs and share output:
diagnose test application autod 1
diag deb console timestamp enable
di deb en

diagnose automation test <automation-stitch-name>

 

DNB
gllgeorgiev92
New Contributor

The stitch is created with Local Cert Expired Notification as a trigger ( just to be able to Test it manually), but the action is as my first post's configuration. This is the result:

2024-04-09 17:08:15 auto_generate_generic_curl_request()-548: Generic automation CURL request Host header: <my hidden storage>.blob.core.windows.net
2024-04-09 17:08:15 auto_generate_generic_curl_request()-551: Adding 2 user defined headers
2024-04-09 17:08:18 auto_curl_perform()-107: Curl perform error:22 - HTTP response code said error.
2024-04-09 17:08:18 __action_webhook_status()-150: Failed to perform curl for url:https://<my hidden storage>.blob.core.windows.net/forti2?sp=racwdli&st=2024-04-09T08:16:14Z&se=2024-04-25T16:16:14Z&spr=https&sv=2022-11-02&sr=c&sig=GLcj5yrfhKCAvFhjvM51PluRqgg54nAOAgDc61HiNY30%3D.
2024-04-09 17:08:18 __run_action()-298: Error when running service for stitch:Test-to-azure action:HTTP-to-azure.

gllgeorgiev92
New Contributor

 I managed to upload it with this settings:

onfig system automation-action
edit "HTTP-to-azure"
set action-type webhook
set minimum-interval 20
set protocol https
set method put
set uri "<hidden>.blob.core.windows.net/<hidden>/fortibackup66?sp=racwdli&st=2024-04-09T14:34:50Z&se=2024-04-09T22:34:50Z&spr=https&sv=2022-11-02&sr=c&sig=111111111111vOgcEMFzBgZ1XFtLo%2BM3MLlpdc%3D"
set http-body "%%results%%"
set port 443
config http-headers
edit 4
set key "Content-Type"
set value "text/plain"
next
edit 3
set key "x-ms-version"
set value "2020-10-02"
next
edit 5
set key "x-ms-blob-type"
set value "BlockBlob"


but obviously the fortigate is not allowing to upload files bigger than 16kb... which is not enough for full-config

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors