SteveJW
New Contributor III

Forticlient EMS 7.4.4 backup issues with Veeam

We migrated from Forticlient 7.2.13 to 7.4.4. ESXi VM appliance
We back up our VMs with Veeam.
We have the following settings for most backup jobs.
[screenshot: Veaam.jpg]

But I'm getting the following error with the Forticlient EMS 7.4.4 server.
[screenshot: Veeam1.jpg]

If the "Enable application-aware processing" option is deselected, the backup completes successfully.

Regarding Postgres, I thought it wise to check the "Enable application-aware processing" option.

Is a VM backup without this option a reliable restore?

AEK
SuperUser

I think you are right about the risk of DB consistency (and I guess for FS as well).

As this feature needs an agent, I don't think this is possible for EMS 7.4.4 VM mode (installed from OVA image). But technically it should be possible if it was installed in standalone mode (EMS binary installed on Ubuntu server that you prepared before).

So I think there are some possible solutions:

1. Install EMS server and DB on different servers. Ref: https://docs.fortinet.com/document/forticlient/7.4.4/install-and-migration-guide/169245/installing-e...

This will allow you to manage the DB and back it up with regular methods.

2. Deploy EMS in standalone mode (EMS binary installed on Ubuntu), then you can install Veeam's PostgreSQL agent. But even if it should work, I can't tell if this is officially supported by Fortinet, since I think I read in some EMS doc that nothing else should be installed on the VM. You may open a ticket to get an official response.

3. Use backup from EMS software in addition to VM backup, so in case the VM restore gives an inconsistent DB you can restore the DB from the regular backup. You can also automate the backup using CLI (via scheduled SSH from remote server). Ref: https://docs.fortinet.com/document/forticlient/7.4.4/ems-cli-reference/715436/emscli-execute-backup

Hope it helps.

AEK
SteveJW
New Contributor III

Thanks for the reply AEK.

This year was a Forticlient EMS journey. Without any initial knowledge, upgrading/migrating from 6.4 to 7.4.4 took a few months.
We're Windows oriented, and our Linux knowledge is minimal. That's why we opted for the OVA image.
Finally, everything is now migrated and up and running. We only need to upgrade the workstations and servers from 7.2.11 to 7.4.4.

So, I don't think management will appreciate carrying out points 1 or 2.
Point 3 seems like the best option in our situation.
I need to figure out how to automate daily or weekly backups using SSH plink.

AEK

You can do it from a Linux client using crontab (old school method) using this command.

ssh ems@x.x.x.x execute backup --remote.ip y.y.y.y --remote.user bkpuser ...

You may also need to install "sshpass" to enter the password in the CLI (be careful with this), or use a passwordless method by copying the SSH key to EMS (I don't know if EMS supports this).

Or I guess there are some modern tools on Windows that can do it more easily.

That was my opinion. So you may also open a p4 ticket to ask for the recommended ways to schedule EMS backup.

AEK
SteveJW
New Contributor III

You have a Windows tool (plink) for a similar solution.
I think the following should also be possible:
# Log the run to a transcript file
Start-Transcript "C:\Path\To\backuplog\FortiBackup_Log.txt" -Append
$FortiEMS_IP = "<FortiEMS_IP>"
$Username = "ems"
$Password = "<YourPassword>"
$Command = "emscli execute backup [flags]"
# Quote user@host so PowerShell passes it to plink as a single argument
& "C:\Path\To\plink.exe" -batch -ssh "$Username@$FortiEMS_IP" -pw $Password $Command
Stop-Transcript

Before running the script, manually run this command once to generate and save the SSH fingerprint.
"C:\Path\To\plink.exe" -ssh Username@FortiEMS_IP -pw Password

I haven't tried that yet. I've used a similar batch file in the past as a scheduled task for restarting an HPE MSA service weekly via SSH.

I can potentially call that batch file via Veeam before or after backing up the EMS server.
[screenshot: Veeam-Scripts.jpg]

But there's more to it than that. The backup server is in a different VLAN; do I need to open port 22, set permissions for the backup account, etc.?

It would be easier if I could save the backup locally on the EMS server and then back up the EMS VM with Veeam, rather than all the hassle described above.

But I don't think it'll be that easy. :)

I'll create a ticket. I'm curious to hear what the advice will be.
I'll keep you updated.
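
A hardened variant of the scheduled plink call discussed above, added here as an example; it is not part of any poster's message and not Fortinet or Veeam code. It assumes plink 0.77 or later (for -pwfile) and uses placeholder paths, IP and host-key fingerprint; pinning the key with -hostkey also avoids depending on plink's cached host keys, which are stored per Windows user and are not visible to a task running under a different account.

```powershell
# Added example. Every path, the IP and the fingerprint below are placeholders.
$Plink   = 'C:\Path\To\plink.exe'
$EmsHost = '<FortiEMS_IP>'
$User    = 'ems'
$HostKey = '<SHA256:host-key-fingerprint>'   # verified out of band
$PwFile  = 'C:\Path\To\secret\ems.pw'         # file holding only the password
$Command = 'emscli execute backup [flags]'    # flags left open, as in the thread
$LogFile = 'C:\Path\To\backuplog\FortiBackup_Log.txt'

function Get-UnexpectedAclSid {
    # Return SIDs holding an Allow rule on $Path other than the current user,
    # SYSTEM (S-1-5-18) and local Administrators (S-1-5-32-544).
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $allowed = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
        'S-1-5-18', 'S-1-5-32-544')
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
}

function Write-BackupLog {
    param([string]$Message)
    Add-Content -LiteralPath $LogFile -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

# Refuse to run if the password file is accessible to other accounts.
$extra = @(Get-UnexpectedAclSid -Path $PwFile)
if ($extra.Count -gt 0) {
    Write-BackupLog "ABORT: $PwFile is accessible to $($extra -join ', ')"
    exit 2
}

# -batch: never prompt; -hostkey: accept only this key; -pwfile: keep the
# password out of the process command line.
$plinkArgs = @('-batch', '-ssh', '-hostkey', $HostKey, '-pwfile', $PwFile,
               "$User@$EmsHost", $Command)
$output = & $Plink @plinkArgs 2>&1
$code   = $LASTEXITCODE

$output | ForEach-Object { Write-BackupLog "plink: $_" }
Write-BackupLog "emscli backup finished with exit code $code"
exit $code   # non-zero lets the scheduler that launched the script see the failure
```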

AEK

If EMS and backup server are in different VLANs then you need to open the required port in your firewall (port 22 TCP).

I don't have knowledge on how you can do local backup in EMS installed in VM mode.

AEK