Hi guys, I am trying to configure the automatic tftp backup on our new 100F Forti. I followed a guide how to do the configuration but according to the syslog the process always gets somehow stopped and deleted by the autoscript. When I execute the command manual the backup works. We have two VDOMs, root for MGMT and 1 for production traffic. The configuration is done in the global level (I also tried with adding config global in the cli script).
Anyone has an idea where the issue can be? I am absolute cluesless :\
The Eventlogs I have says:
1. Automation stitch triggered
stitch:backup-stitch is triggered.
2. Autoscript stop automatically
script autod.6 stopped automatically
3. Autoscript delete result
User delete the result of script autod.6 from autod
The Config looks like this:
Trigger:
config system automation-trigger
edit "TFTP-Daily-Backup"
set description ''
set trigger-type scheduled
set trigger-frequency daily
set trigger-hour 16
set trigger-minute 54
next
Action:
edit "backup-action"
set description ''
set action-type cli-script
set minimum-interval 1
set script "execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
set output-size 10
set timeout 0
set execute-security-fabric disable
set accprofile "super_admin"
next
Stitch:
config system automation-stitch
edit "backup-stitch"
set description ''
set status enable
set trigger "TFTP-Daily-Backup"
config actions
edit 1
set action "backup-action"
set delay 0
set required enable
next
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @ErrantOsi ,
I encountered the same problem in Fortigate with vdom. But I solved my problem by writing "config global". I think the "config global" spelling is important here.
this style
--------------------
set script "config global
execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
not same this
-------------------------
set script "config global execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
Which style did you try before? The correct one is the first style. If this thing didn't work in your environment. Could you run these commands and share the output with us?
exec auto-script stopall
diag debug reset
diag test app autod 1
diag debug cli 7
diag debug enable
exec auto-script start <stitch_name>
You could run a status output and see details of the script.
exec auto-script status <name>
exec auto-script result <name>
The script will stop if a condition is met:
output-size 10 (megabyte in memory)
set timeout 0 (unlimited)
Best regards,
Markus
Hi Markus thanks for your answer. I am not sure what you mean? How is the exec auto-script status or result helping in this case? There is no script I created, its just in the automation action?
Hello @ErrantOsi ,
I encountered the same problem in Fortigate with vdom. But I solved my problem by writing "config global". I think the "config global" spelling is important here.
this style
--------------------
set script "config global
execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
not same this
-------------------------
set script "config global execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
Which style did you try before? The correct one is the first style. If this thing didn't work in your environment. Could you run these commands and share the output with us?
exec auto-script stopall
diag debug reset
diag test app autod 1
diag debug cli 7
diag debug enable
exec auto-script start <stitch_name>
if the auto-script is used at least, one needs to run
exec auto-script result <stitch name>
to get its output.
the config global part is a bit tricky. When you need to run multi-line commands you must add them in the same way, ideally just write the stuff in a notepad and paste to the FortiGate CLI. For example:
...
set minimum-interval 1
set script "config global
execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
set output-size 10
...
you need to keep the double quotes exactly where they are.
Similar description here:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Automated-script-execution/ta-p/193685
I honestly don't know the differences between
"config system automation-trigger" and "config system auto-script", but would guess multilines need to be run the same. If you got VDOMs, there is basically no choice. Need to enter the VDOM (global or whatever else), then run the commands.
Best regards,
Markus
Thank you so much for your help!! The problem was the one you stated:
As we use VDOMs we have to write the "config global" exactly like this:
set script "config global
execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
and NOT on the same line like this:
set script "config global execute backup config tftp FOLDERNAME/%%devname%%-%%date%%.conf 10.10.10.10"
In the CLI it looks like this:
edit "TFTP-Backup1-Action"
set description ''
set action-type cli-script
set minimum-interval 0
set script "config global
execute backup config tftp FOLDER/%%devname%%-%%date%%.conf IPADDRESS"
set output-size 10
set timeout 0
set execute-security-fabric disable
set accprofile "admin_prof-admin"
next
In the GUI like that:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1535 | |
1028 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.