Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ErrantOsi
New Contributor III

Created on ‎04-05-2024 12:15 AM

Fortigate backup problems - Same command, different outputs :/

Hey guys, so this looks like a bug but maybe someone has an idea... :)

We have a FortiGate-1500D version 7.2.7 with VDOMs enabled. I created an automation task to do a backup via tftp. The backup executes the following CLI script:

config global
execute backup full-config tftp foldername/%%devname%%-%%date%%.conf 1.2.3.4

The task and export itself works, however I just noticed that the content of the backup is not correct. It contains only all the interfaces from the root VDOM and their whole default config, no firewalls rules from the production vdoms, no objects etc.

Now the super weird part: When I execute the CLI script manually with my hand in the CLI, it creates a correct backup full with all the necessary configurations and VDOMs etc.

The exact same backup automation stitch with the same CLI script (copy+paste) also works on other Firewall, a 100F with also 7.2.7.

 

The only visible difference for me is in the fourth line in each of the correct and incorrect backup files:

Correct backup:

#config-version=FG100F-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=65045892438396211
#buildno=1577
#global_vdom=1

 

Incorrect backup:

#config-version=FG1K5D-7.2.7-FW-build1577-240131:opmode=0:vdom=1:user=daemon_admin
#conf_file_ver=698821243992104
#buildno=1577
#global_vdom=0:vd_name=root/root

 

Does someone has an idea what the issue could be?

Labels:
225
0 Kudos
1 Solution
ozkanaltas
Contributor III

Created on ‎04-05-2024 01:02 AM

Hello @ErrantOsi ,

 

Which administrator profile is selected in the Automation Action?

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
211
3 REPLIES 3
ozkanaltas
Contributor III

Created on ‎04-05-2024 01:02 AM

Hello @ErrantOsi ,

 

Which administrator profile is selected in the Automation Action?

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
212
ErrantOsi
New Contributor III
In response to ozkanaltas

Created on ‎04-05-2024 01:21 AM

Hey ozkanaltas!

Oh wow... that was it :D I had the default "prof_admin" inside there. After changing it to another admin profile which I created for our TACACS access the backup now contains the correct full configuration.

It looks like the "prof_admin" only can use CLI commands in specific VDOMs but not Global (with it's default config). That was it...

Thank you so much! I woud have never guessed that :D

200
0 Kudos
ozkanaltas
Contributor III
In response to ErrantOsi

Created on ‎04-05-2024 01:30 AM

Hello @ErrantOsi ,

 

I'm glad it worked. :)

 

It's related to permission in the admin profile.

 

If you configure the scope area with Global, you can get config backup for all vdoms with the prof_admin profile.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
194
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.