Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jmhalegre
New Contributor

Created on ‎01-12-2024 01:04 AM Edited on ‎01-12-2024 01:40 AM

Fortigate 7.0.12.build0523//7.2.5.build1517 Execute Backup with %%date%% or %%log.date%% don`t work

Hi Team,

 

I need to automate the execution of configuration backups automatically, and I have encountered the following problem:

 

FortiGate-600F v7.0.12,build0523,230606 (GA.M) with 2 Vdoms

 

If I launch the command:


execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password

 

The result is OK
FWCNTCPDINET1 (global) # execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password
Please wait...
Connect to sftp server 10.154.4.68 ...
Please wait...
Connect to sftp server 10.154.4.68 ...
Send config file to sftp server OK.

 

But if we check in the FTP Server, the file has not been generated correctly, it does not replace the literal %%date%% with the date.

 

user@FCBBCKFWPROVM01:~$ ls -l
total 1484
-rw-r--r-- 1 user user 1516234 Jan 12 07:52 Config_%%date%%.conf
user@FCBBCKFWPROVM01:~$ user@FCBBCKFWPROVM01:~$

 

If I automate it "Security Fabric\Automation", I see that the automation does not even work.

 

Config

 

FW (global) # conf system automation-trigger

FW (Backup) # get
name : Backup
description :
trigger-type : scheduled
trigger-frequency : daily
trigger-hour : 9
minute of activation : 40

 

FW (global) # conf sys automation-action

FW (automation-action) # edit Backup

 

Tested options

 

FW (Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : config global execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password

script : config global execute backup full-config sftp Config_%%log.date%%.conf 10.154.4.68 user password
execute-security-fabric: disable
accprofile : super_admin

 

FW (Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : execute backup full-config sftp Config_%%date%%.conf 10.154.4.68 user password

script : execute backup full-config sftp Config_%%log.date%%.conf 10.154.4.68 user password
execute-security-fabric: disable
accprofile : super_admin

 

FW (global) # con system automation-stitch

FW (automation-stitch) # edit Backup

FW (Backup) # get
name : Backup
description :
status : enable
trigger : Backup
actions:
== [ 1 ]
id: 1 action: Backup
destination :

 

FW (Backup) # config actions

FW (actions) # edit 1

FW (1) # get
id : 1
action : Backup
delay : 0
required : enable

 

When the automation is executed, it does not save the file on the FTP server.

 

captura.png

 

And if we access the FTP Server, no file has been uploaded.

 

user@FCBBCKFWPROVM01:~$ ls -l
total 0
user@FCBBCKFWPROVM01:~$

 

FortiGate-70F v7.2.5,build1517,230606 (GA.F)

 

In this other FW, the automastimo works correctly, but it does not work when we launch the Backups manually.

 

FW # execute backup full-config sftp FW_%%log.date%%_%%log.time%%.conf 10.154.4.68 fcbadmin fcbadmin
Please wait...
Connect to sftp server 10.154.4.68 ...
Send config file to sftp server OK.

 

user@FCBBCKFWPROVM01:~$ ls -l
total 968
-rw-r--r-- 1 fcbadmin fcbadmin 988204 Jan 12 08:54 FW_%%log.date%%_%%log.time%%.conf
user@FCBBCKFWPROVM01:~$

 

If we automate it, it works correctly

 

captura2.png

 

 

 

 

user@FCBBCKFWPROVM01:~$ ls -l
total 2676
-rw-r--r-- 1 fcbadmin fcbadmin 742509 Jan 12 08:54 FGT70FTK22012009_FWMTN003INET1_2024-01-12_09:55:08.conf
-rw-r--r-- 1 fcbadmin fcbadmin 1002720 Jan 12 08:55 FGT70FTK22012346_FWMTN003INET1_2024-01-12_09:55:23.conf
user@FCBBCKFWPROVM01:~$

 

Why does it work in some cases and not in others, and can it be due to the version?

 

Is there a stable version in which the backup automation works correctly?

 

Thanks & Best Regards,

Juanmi

 

 

 

 

 

Labels:
485
0 Kudos
2 REPLIES 2
AEK
SuperUser
SuperUser

Created on ‎01-12-2024 03:43 AM

Hello Juanmi

As per my knowledge, the %%xxx%% is only for automation stitches, and will not work for CLI.

On the other hand there is a known bug on 7.0.1:

719029  Automation stitch action no longer understands %%log.date%% and %%log.time%% variables.

So "probably" your 7.0.12 is still affected by this bug.

AEK
AEK
472
0 Kudos
jmhalegre
New Contributor
In response to AEK

Created on ‎01-15-2024 12:48 AM

Ho Team,

 

I have tested on three FW with different versions and on one it works and on the other two it does not.

 

Below I summarize the tests performed in each case.

 

FW1 version v7.0.12 build0523 (Mature)

 

Exucute Backup from vdom Global# Execute backup full-config sftp FW1_global.conf <IP> <user> <pass> // Execute OK
Execute Backup from vdom root# Execute backup full-config sftp FW1_root.conf <IP> <user> <pass> // Execute OK
Execute Backup from automation-stitch // FAIL
execute backup full-config sftp FWWiFi.conf <IP> <user> <pass>
config global execute backup full-config sftp FWWiFi.conf <IP> <user> <pass>

 

SFTP SERVER

 

user@FCBBCKFWPROVM01:~$ ls -l
-rw-r--r-- 1 user user 1516238 Jan 15 07:41 FW1_global.conf
-rw-r--r-- 1 user user 933110 Jan 15 07:40 FW1_root.conf
user@FCBBCKFWPROVM01:~$

 

This is the configuration applied in all the FWs

 

FW(global) # config system automation-trigger

FW(automation-trigger) # edit Backup

FW(Backup) # get
name : Backup
description :
trigger-type : scheduled
trigger-frequency : daily
trigger-hour : <hour>
trigger-minute : <time>

FW(Backup) #

FW(global) # config system automation-action

FW(automation-action) # edit Backup

FW(Backup) # get
name : Backup
description :
action-type : cli-script
minimum-interval : 0
script : execute backup full-config sftp FWxxxxx.conf <IP> <User> <Password>
execute-security-fabric: disable
accprofile : super_admin


FW(Backup) #

FW(global) # config system automation-stitch

FW(automation-stitch) # edit Backup

FW(Backup) # get
name : Backup
description :
status : enable
trigger : Backup
actions:
== [ 1 ]
id: 1 action: Backup
destination :

 

FW2 version v7.2.6 build1575 (Feature)

 

Exucute Backup from vdom Global // execute backup full-config sftp FW2_global.conf <IP> <User> <Password> // Execute OK
Execute Backup from vdom root // execute backup full-config sftp FW2_root.conf <IP> <User> <Password> // Execute OK
Execute Backup from automation-stitch // FAIL
execute backup full-config sftp FWEJC.conf <IP> <User> <Password>
config global execute backup full-config sftp FWEJC.conf <IP> <User> <Password>
 
user@FCBBCKFWPROVM01:~$ ls -l
-rw-r--r-- 1 user user 1071040 Jan 15 08:15 FW2_global.conf
-rw-r--r-- 1 user user 401457 Jan 15 08:16 FW2_root.conf
user@FCBBCKFWPROVM01:~$
 
FW3 version v7.2.5 build1517 (Feature)
 

Execute Backup from automation-stitch // OK

user@FCBBCKFWPROVM01:~$ ls -l
total 4104
-rw-r--r-- 1 user user 742482 Jan 15 07:33 FGT70FTK22012009_2024-01-15_08:34:11.conf
-rw-r--r-- 1 user user 1002693 Jan 15 07:33 FGT70FTK22012346_2024-01-15_08:34:13.conf

 

Thanks & Best Regards,

Juanmi

 

 

 

 

316
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.