Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- How to Take Fortigate Firewalls Backup and Restore...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to Take Fortigate Firewalls Backup and Restore them (Firewalls are in HA Active/Passive Mode)
Hi Dear Community Members,
I am bit confused to take and restore Fortigate 201F firewalls backup.
Someone clearly guide me , how we can take and backup 2 fortigate firewalls if they are operating in HA mode Primary and secondary. After backup how we can reset them and restore again backups so that previous primary remains primary only restoring backups.
--> Either we need to take backup of both firewalls--> Primary & Secondary individually or only using HA cluster ip
--> after resetting both firewalls or only primary firewall if we restore those taken backup eithe previous primary will automatically become primary and secondary will syn again?
Atif
Solved! Go to Solution.
Atif
Labels:
- Labels:
-
FortiGate
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi atifali681,
A few points:
- You do not need to take individual backups of both the Primary and Secondary units. A backup from the Primary is sufficient.
- After restoring the backup on the Primary unit, the HA synchronization will ensure that the Secondary unit is updated accordingly.
If you want more information about HA configuration backups, I recommend reviewing Technical Tip: How to restore a configuration backup on a FortiGate HA cluster.
I hope that helps! Feel free to get in touch if you have further queries.
Stephen - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The configuration pf both members in HA pair is identical, except what is under config sys ha - for that you need to take note of any difference (GUI: System -> HA) (if exist). For the rest - it is enough to back up from Primary as @Stephen_G already pointed.
You didn't tell the context of restoring, but usual case is after FortiOS upgrade, then you have 2 options:
- For 1 step upgrade, when FortiOS from old to new upgrades just 1 sub-version (e.g. 7.0.16 -> 7.017), the previous version of both: FortiOS and the Fortigate configuration are save to a Passive partition, and if you want to restore back - just make the Passive partition Active (on both members), and reboot both members at the same time. Some more info https://yurisk.info/2023/06/18/tips-on-upgrading-fortigate-in-ha-cluster/#_about_rollbackdowngrade
- For multi-step upgrade, say 7.0.4 -> 7.0.14 - 7.0.16 -> 7.0.17, only the latest, i.e 7.0.16 FortiOS & config will be saved in Passive partition, so if you want to restore back to say 7.0.14 , best way would be - dis-assemble the cluster, downgrade each member to 7.0.14, restore config of Primary from back up when FGT had 7.0.14 (on multistep upgrade you are prompted to save each sub-step configuration as a file), and after 1st (Primary) member is with 7.0.14, and restored config and works fine - assemble cluster again by adding the 2nd member as Secondary w/o configuration, just the same FortiOS (7.0.14) and config under config sys ha.
IMPORTANT: 7.0.14 of course as an example, use current version instead. What I wrote is a general description of steps involved, not a step-by-step guide, so use it as basis to find more detailed information. Cluster downgrading is not an easy to do, so prepare diligently, including OOB access via console, "hands on desk" ready if someone need to connect to the FGT etc..
https://yurisk.info
https://yurisk.info
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi atifali681,
A few points:
- You do not need to take individual backups of both the Primary and Secondary units. A backup from the Primary is sufficient.
- After restoring the backup on the Primary unit, the HA synchronization will ensure that the Secondary unit is updated accordingly.
If you want more information about HA configuration backups, I recommend reviewing Technical Tip: How to restore a configuration backup on a FortiGate HA cluster.
I hope that helps! Feel free to get in touch if you have further queries.
Stephen - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Stephn,
your answer very much clearled my confusion. Thanks.
Atif
Atif
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The configuration pf both members in HA pair is identical, except what is under config sys ha - for that you need to take note of any difference (GUI: System -> HA) (if exist). For the rest - it is enough to back up from Primary as @Stephen_G already pointed.
You didn't tell the context of restoring, but usual case is after FortiOS upgrade, then you have 2 options:
- For 1 step upgrade, when FortiOS from old to new upgrades just 1 sub-version (e.g. 7.0.16 -> 7.017), the previous version of both: FortiOS and the Fortigate configuration are save to a Passive partition, and if you want to restore back - just make the Passive partition Active (on both members), and reboot both members at the same time. Some more info https://yurisk.info/2023/06/18/tips-on-upgrading-fortigate-in-ha-cluster/#_about_rollbackdowngrade
- For multi-step upgrade, say 7.0.4 -> 7.0.14 - 7.0.16 -> 7.0.17, only the latest, i.e 7.0.16 FortiOS & config will be saved in Passive partition, so if you want to restore back to say 7.0.14 , best way would be - dis-assemble the cluster, downgrade each member to 7.0.14, restore config of Primary from back up when FGT had 7.0.14 (on multistep upgrade you are prompted to save each sub-step configuration as a file), and after 1st (Primary) member is with 7.0.14, and restored config and works fine - assemble cluster again by adding the 2nd member as Secondary w/o configuration, just the same FortiOS (7.0.14) and config under config sys ha.
IMPORTANT: 7.0.14 of course as an example, use current version instead. What I wrote is a general description of steps involved, not a step-by-step guide, so use it as basis to find more detailed information. Cluster downgrading is not an easy to do, so prepare diligently, including OOB access via console, "hands on desk" ready if someone need to connect to the FGT etc..
https://yurisk.info
https://yurisk.info
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank You very much Yurisk for your additional tip.
Atif
Atif
Labels
-
FortiGate
10,219 -
FortiClient
2,078 -
FortiManager
864 -
5.2
687 -
FortiAnalyzer
664 -
5.4
638 -
FortiSwitch
562 -
FortiAP
541 -
FortiClient EMS
530 -
6.0
416 -
IPsec
370 -
FortiMail
363 -
5.6
362 -
SSL-VPN
355 -
FortiNAC
260 -
6.2
251 -
FortiWeb
247 -
FortiAuthenticator v5.5
234 -
SD-WAN
181 -
FortiGuard
159 -
FortiAuthenticator
158 -
5.0
152 -
Firewall policy
131 -
6.4
128 -
FortiCloud Products
114 -
FortiGateCloud
112 -
FortiGate-VM
111 -
FortiSIEM
110 -
FortiToken
107 -
Wireless Controller
94 -
Customer Service
87 -
High Availability
80 -
FortiProxy
75 -
ZTNA
70 -
Fortivoice
69 -
Routing
69 -
VLAN
69 -
FortiEDR
68 -
DNS
67 -
SAML
65 -
FortiADC
64 -
BGP
62 -
Authentication
61 -
Certificate
58 -
RADIUS
57 -
FortiSandbox
53 -
SSO
52 -
FortiLink
52 -
LDAP
52 -
FortiExtender
51 -
NAT
50 -
4.0MR3
49 -
FortiDNS
43 -
VDOM
41 -
Application control
41 -
Interface
40 -
Logging
40 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
Virtual IP
37 -
FortiConnect
34 -
Web profile
34 -
FortiWAN
33 -
FortiPAM
33 -
SSL SSH inspection
32 -
FortiConverter
28 -
FortiGate v5.2
27 -
Automation
27 -
Static route
25 -
Traffic shaping
24 -
SSID
24 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
FortiGate Cloud
22 -
SNMP
22 -
API
22 -
System settings
22 -
WAN optimization
20 -
FortiMonitor
19 -
OSPF
19 -
Security profile
17 -
Web application firewall profile
17 -
Web rating
17 -
FortiDDoS
16 -
FortiSOAR
16 -
FortiAP profile
16 -
IP address management - IPAM
16 -
Admin
15 -
Proxy policy
15 -
FortiGate v5.0
14 -
FortiCASB
14 -
IPS signature
14 -
Explicit proxy
13 -
Traffic shaping policy
13 -
Intrusion prevention
13 -
FortiManager v4.0
12 -
RMA Information and Announcements
12 -
NAC policy
12 -
Port policy
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Fabric connector
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
FortiBridge
10 -
DNS filter
10 -
Trunk
10 -
Users
10 -
Traffic shaping profile
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
FortiDeceptor
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Authentication rule and scheme
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
FortiScan
6 -
DLP sensor
6 -
DoS policy
6 -
VoIP profile
6 -
Vulnerability Management
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
Email filter profile
5 -
Protocol option
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
File filter
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
Multicast policy
3 -
FortiInsight
2 -
FortiAI
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Virtual wire pair
1 -
Lacework
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2428 | |
| 1303 | |
| 778 | |
| 557 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.