There is basically a way to draw a backup via scp once admin-scp is enabled and ssh is allowed on the FGT's target interface.
You could use some scp client to do it.
With the onboard (Open)scp client in linux it works like this:
scp admin@<FortiGate_IP>:sys_config <target>
since the client initiates the scp transfer it would be on the client to set that up to run periodically. In Linu this can e.g. be done with a cronjob.
the fortigate could periodically do the opposite direction. It is capable to at least transfer a config to an ftp or tftp server. You could make this periodically by using it in a script that i scheduled.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Do a search here and numerous examples are demo here. The sys_config is loose since anything with cfg in the name seems to work. Alternatives to SCP are the API interface and calling out the backup. Great for environments where ssh tcp/22 is blocked or not allowaccess.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.