Hey guys, so this looks like a bug but maybe someone has an idea... :)
We have a FortiGate-1500D version 7.2.7 with VDOMs enabled. I created an automation task to do a backup via tftp. The backup executes the following CLI script:
config global
execute backup full-config tftp foldername/%%devname%%-%%date%%.conf 1.2.3.4
The task and export itself work, however I just noticed that the content of the backup is not correct. It contains only all the interfaces from the root VDOM and their whole default config, no firewall rules from the production VDOMs, no objects etc.
Now the super weird part: When I execute the CLI script manually with my hand in the CLI, it creates a correct backup full with all the necessary configurations and VDOMs etc.
The exact same backup automation stitch with the same CLI script (copy+paste) also works on another firewall, a 100F also running 7.2.7.
The only visible difference for me is in the fourth line in each of the correct and incorrect backup files:
Correct backup:
#config-version=FG100F-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=65045892438396211
#buildno=1577
#global_vdom=1
Incorrect backup:
#config-version=FG1K5D-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=698821243992104
#buildno=1577
#global_vdom=0:vd_name=root/root
Does someone have an idea what the issue could be?
Hello @ErrantOsi ,
Which administrator profile is selected in the Automation Action?
Hey ozkanaltas!
Oh wow... that was it :D I had the default "prof_admin" inside there. After changing it to another admin profile which I created for our TACACS access the backup now contains the correct full configuration.
It looks like the "prof_admin" only can use CLI commands in specific VDOMs but not Global (with its default config). That was it...
Thank you so much! I would have never guessed that :D
Hello @ErrantOsi ,
I'm glad it worked. :)
It's related to permission in the admin profile.
If you configure the scope area with Global, you can get config backup for all vdoms with the prof_admin profile.
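The automated backup in this thread completed without error while containing only the root VDOM, so a header check on the backup server is a useful safeguard. The following is an added example, not code from the thread or from Fortinet; it assumes, based only on the two headers quoted above, that a complete backup carries `global_vdom=1`, and the function names and sample body lines are constructed for illustration.

```python
"""Check FortiGate backup headers for the VDOM-scoped symptom from this thread."""

# Constructed samples: header lines copied from the thread, body lines invented.
GOOD = """#config-version=FG100F-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=65045892438396211
#buildno=1577
#global_vdom=1
config system global
end
"""
BAD = """#config-version=FG1K5D-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=698821243992104
#buildno=1577
#global_vdom=0:vd_name=root/root
config system interface
end
"""


def parse_header(text):
    """Return key/value pairs from the leading '#' lines of a backup file."""
    fields = {}
    for line in text.splitlines():
        if not line.startswith("#"):
            break  # header ends at the first configuration line
        for pair in line[1:].split(":"):
            key, sep, value = pair.partition("=")
            if sep:
                fields[key.strip()] = value.strip()
    return fields


def check_backup(text):
    """Return a list of problems; an empty list means the header looks global."""
    header = parse_header(text)
    problems = []
    if "global_vdom" not in header:
        problems.append("no global_vdom field in header")
    elif header["global_vdom"] != "1":  # assumption: 1 marks a global-scope backup
        scope = header.get("vd_name", "unknown")
        problems.append(f"backup is scoped to VDOM {scope}, not global")
    return problems


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD)):
        print(name, check_backup(sample) or "OK")
```

Running a check like this after each scheduled transfer turns a silently incomplete backup into an alert before the file is needed for a restore.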