Hi Team,
I need to automate the execution of configuration backups automatically, and I have encountered the following problem:
FortiGate-600F v7.0.12,build0523,230606 (GA.M) with 2 Vdoms
If I launch the command:
execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password
The result is OK
FWCNTCPDINET1 (global) # execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password
Please wait...
Connect to sftp server 10.154.4.68 ...
Please wait...
Connect to sftp server 10.154.4.68 ...
Send config file to sftp server OK.
But if we check in the FTP Server, the file has not been generated correctly, it does not replace the literal %%date%% with the date.
user@FCBBCKFWPROVM01:~$ ls -l
total 1484
-rw-r--r-- 1 user user 1516234 Jan 12 07:52 Config_%%date%%.conf
user@FCBBCKFWPROVM01:~$ user@FCBBCKFWPROVM01:~$
If I automate it "Security Fabric\Automation", I see that the automation does not even work.
Config
FW (global) # conf system automation-trigger
FW (Backup) # get
name : Backup
description :
trigger-type : scheduled
trigger-frequency : daily
trigger-hour : 9
minute of activation : 40
FW (global) # conf sys automation-action
FW (automation-action) # edit Backup
Tested options
FW (Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : config global execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password
script : config global execute backup full-config sftp Config_%%log.date%%.conf 10.154.4.68 user password
execute-security-fabric: disable
accprofile : super_admin
FW (Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password
script : execute backup full-config sftp Config_%%log.date%%.conf 10.154.4.68 user password
execute-security-fabric: disable
accprofile : super_admin
FW (global) # con system automation-stitch
FW (automation-stitch) # edit Backup
FW (Backup) # get
name : Backup
description :
status : enable
trigger : Backup
actions:
== [ 1 ]
id: 1 action: Backup
destination :
FW (Backup) # config actions
FW (actions) # edit 1
FW (1) # get
id : 1
action : Backup
delay : 0
required : enable
When the automation is executed, it does not save the file on the FTP server.
And if we access the FTP Server, no file has been uploaded.
user@FCBBCKFWPROVM01:~$ ls -l
total 0
user@FCBBCKFWPROVM01:~$
FortiGate-70F v7.2.5,build1517,230606 (GA.F)
In this other FW, the automastimo works correctly, but it does not work when we launch the Backups manually.
FW # execute backup full-config sftp FW_%%log.date%%_%%log.time%%.conf 10.154.4.68 fcbadmin fcbadmin
Please wait...
Connect to sftp server 10.154.4.68 ...
Send config file to sftp server OK.
user@FCBBCKFWPROVM01:~$ ls -l
total 968
-rw-r--r-- 1 fcbadmin fcbadmin 988204 Jan 12 08:54 FW_%%log.date%%_%%log.time%%.conf
user@FCBBCKFWPROVM01:~$
If we automate it, it works correctly
user@FCBBCKFWPROVM01:~$ ls -l
total 2676
-rw-r--r-- 1 fcbadmin fcbadmin 742509 Jan 12 08:54 FGT70FTK22012009_FWMTN003INET1_2024-01-12_09:55:08.conf
-rw-r--r-- 1 fcbadmin fcbadmin 1002720 Jan 12 08:55 FGT70FTK22012346_FWMTN003INET1_2024-01-12_09:55:23.conf
user@FCBBCKFWPROVM01:~$
Why does it work in some cases and not in others, and can it be due to the version?
Is there a stable version in which the backup automation works correctly?
Thanks & Best Regards,
Juanmi
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Juanmi
As per my knowledge, the %%xxx%% is only for automation stitches, and will not work for CLI.
On the other hand there is a known bug on 7.0.1:
719029 Automation stitch action no longer understands %%log.date%% and %%log.time%% variables.
So "probably" your 7.0.12 is still affected by this bug.
Ho Team,
I have tested on three FW with different versions and on one it works and on the other two it does not.
Below I summarize the tests performed in each case.
FW1 version v7.0.12 build0523 (Mature)
Exucute Backup from vdom Global# Execute backup full-config sftp FW1_global.conf <IP> <user> <pass> // Execute OK
Execute Backup from vdom root# Execute backup full-config sftp FW1_root.conf <IP> <user> <pass> // Execute OK
Execute Backup from automation-stitch // FAIL
execute backup full-config sftp FWWiFi.conf <IP> <user> <pass>
config global execute backup full-config sftp FWWiFi.conf <IP> <user> <pass>
SFTP SERVER
user@FCBBCKFWPROVM01:~$ ls -l
-rw-r--r-- 1 user user 1516238 Jan 15 07:41 FW1_global.conf
-rw-r--r-- 1 user user 933110 Jan 15 07:40 FW1_root.conf
user@FCBBCKFWPROVM01:~$
This is the configuration applied in all the FWs
FW(global) # config system automation-trigger
FW(automation-trigger) # edit Backup
FW(Backup) # get
name : Backup
description :
trigger-type : scheduled
trigger-frequency : daily
trigger-hour : <hour>
trigger-minute : <time>
FW(Backup) #
FW(global) # config system automation-action
FW(automation-action) # edit Backup
FW(Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : execute backup full-config sftp FWxxxxx.conf <IP> <User> <Password>
execute-security-fabric: disable
accprofile : super_admin
FW(Backup) #
FW(global) # config system automation-stitch
FW(automation-stitch) # edit Backup
FW(Backup) # get
name : Backup
description :
status : enable
trigger : Backup
actions:
== [ 1 ]
id: 1 action: Backup
destination :
FW2 version v7.2.6 build1575 (Feature)
Execute Backup from automation-stitch // OK
user@FCBBCKFWPROVM01:~$ ls -l
total 4104
-rw-r--r-- 1 user user 742482 Jan 15 07:33 FGT70FTK22012009_2024-01-15_08:34:11.conf
-rw-r--r-- 1 user user 1002693 Jan 15 07:33 FGT70FTK22012346_2024-01-15_08:34:13.conf
Thanks & Best Regards,
Juanmi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.