Hi all,
I'm fairly new to the Fortinet suit of security devices. I have set up a scheduled SFTP backup on the FortiAnalyzer and FortiManager which was very simply to do. Locally, the SFTP password is hashed in the config, lovely.
However, Fortigate appears to be a different story. To achieve a “Fortinet native” solution of a scheduled/automated backup. I looked at automation stitches, unfortunately the "cli script” option requires the SFTP password to be stored in clear text.
Does anyone know of any other “Fortinet native” solution to schedule automated backups to SFTP servers on Fortigates without having to store the SFTP password in clear text? Just not acceptable to store passwords in clear text in my opinion and against policy in general.
My next stop is to move the automated backup process out of the Fortigate environment and move it to a netmiko/paramiko python solution. I would prefer an “in product” solution.
Currently using v7.0.7.
Thanks,
JSG
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi JSG,
Since FortiOS version 7.2.1 password masking in configuration backups has been integrated.
I hope you are able to upgrade to this version to get advantage of this feature.
Regards,
Hello jsg!
Thanks for posting on the Fortinet Community Forum.
I will for assistance and get you documentation or help. We will contact you as soon as possible in this thread.
Kindest regards,
Hi JSG,
Since FortiOS version 7.2.1 password masking in configuration backups has been integrated.
I hope you are able to upgrade to this version to get advantage of this feature.
Regards,
One small problem with this so called "solution". It doesn't solve the original issue. I have the exact same issue. Yes you can mask the passwords WITHIN the config file. However, you still have to expose the password to the SFTP server to get the config file backed up in the first place! Serious security weakness. Mask the SFTP password AS WELL! When you upload the script it will expose that password in the script no matter what.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.