Automated backup of Forti -Gate, -Manager & -Analyzer

Just a quick note on how to automate backup of your FortiGate, FortiAnalyzer and FortiManager.

FortiManager / FortiAnalyzer

Use the following configuration

config system backup all-settings
set status enable
set protocol sftp
set server “10.200.10.50”
set user “fortibackup”
set passwd “YourPassword”
set directory “/home/fortibackup”
set week_days sunday
set time “23:00:00”
set crptpasswd “CryptoKeyForYourBackup”
end

A few other commands that might come in handy:
To test backup

execute backup all-settings sftp 10.200.10.50 /home/fortibackup/ fortibackup PASSWORD CRYPTOPW

Check backup status

get system backup status

FortiGate

FortiGate does not come with a native function to run scheduled backups, but as of version 5.4 you got Auto-script which can alleviate some of the burden.
Unfortunately this method does _not_ support sftp or scp, only tftp and ftp, so it might be worth while investigating a different backupsolution if the backup is to run over unprotected networks.

Anywho, these are the commands you need to run in order to do a full-config (all vdoms) backup of a FortiGate:

FortiGate01 (global) #
FortiGate01 (global) # config system auto-script
FortiGate01 (auto-script) # edit “AutoBackup”
FortiGate01 (AutoBackup) #
FortiGate01 (AutoBackup) # set interval 86400
FortiGate01 (AutoBackup) # set repeat 0
FortiGate01 (AutoBackup) # set script “config global
execute backup full-config ftp FortiGate01-backup 10.200.10.50 fortibackup PASSWORD CRYPTOPW”
FortiGate01 (AutoBackup) # set start auto
FortiGate01 (AutoBackup) # next
FortiGate01 (auto-script) # end
FortiGate01 (global) #

Interval is in seconds, so 86400 = 1 day
Repeat is the number of times this script is to be repeated. 0 = infinite.
Note that the set script variable is not ended on the first line and you continue to line two to execute the second command.

0.00 avg. rating (0% score) - 0 votes

Leave a Reply

Your email address will not be published. Required fields are marked *