Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dkcho
New Contributor

How to Periodic backup using SCP

hello to you all,

I want to get regular backups using SCP But Fortinet doesn't seem to support backing up to SCP

=================================

FW # execute backup config ?        ftp           Backup config file to ftp server.        management-station          Backup config file to management station.        tftp         Backup config file to TFTP server.        usb         Backup config file to USB disk.        usb-mode             Backup config file for USB mode. FW # execute backup config

====================================

Firmware version is 5.2

 

-----------------------------

config system global

   set   admin-scp enable

-------------------------------

There is a SCP enable setting, but it seems to be unavailable for backup purposes.

Please let me know if there is a regular SCP backup method using FortiGate and other tools

Thanks.

3 REPLIES 3
sw2090
Honored Contributor

There is basically a way to draw a backup via scp once admin-scp is enabled and ssh is allowed on the FGT's target interface.

 

You could use some scp client to do it.

With the onboard (Open)scp client in linux it works like this:

 

scp admin@<FortiGate_IP>:sys_config <target>

 

since the client initiates the scp transfer it would be on the client to set that up to run periodically. In Linu this can e.g. be done with a cronjob.

 

the fortigate could periodically do the opposite direction. It is capable to at least transfer a config to an ftp or tftp server. You could make this periodically by using it in a script that i scheduled.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
emnoc
Esteemed Contributor III

Agreed

 

Do a search here and numerous examples are demo here. The sys_config is loose since anything with cfg in the name seems to work. Alternatives to SCP are the API interface and calling out the backup. Great for environments where ssh tcp/22 is blocked or not allowaccess.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Elthon_Abreu

Elthon Abreu FCNSA v5
Labels
Top Kudoed Authors