Backup FortiGate Config

1. Download and install latest putty Installer from 

2. Edit in FortiGate CLI
config system global
set admin-scp enable

3. Create Read-Only Profile in FortiGate
In the webgui goto System > Admin > Admin Profiles and click ‘Create New’.
Give your profile a name and select the ‘Read Only’ tick-box to ensure all access control options change to read only. Click ‘Ok’ to save.


4. Create Read-Only User in FortiGate
Goto System > Admin > Administrators and click ‘Create New’.


Type in the users login name, give a password and select the read-only profile we created in step 2. Click ‘Ok’ to save.

5. Create a c:\backup\fortibackup.bat batch script
cd c:\Program Files (x86)\PuTTY
pscp -pw P@ssw0rd backup@ c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

6. Create a task scheduler

METHOD2: Kiwi CatTools
Click Activities/Add
Click OK, Click Run Now
Backup config will be in C:\Program Files (x86)\CatTools3\Configs\Default

5 thoughts on “Backup FortiGate Config

  1. I put this in the .bat:
    cd C:\Program Files\PuTTY
    pscp -scp -pw @:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

    I also enabled scp on the device with
    config system global
    set admin-scp enable

    At the end the cmd window simply opens and shuts and don’t see any .conf file in the c:\backup.

    A little help please on what’s missing.

  2. I used angle brackets for the ip and pass and they now gone from the comment.

    cd C:\Program Files\PuTTY
    pscp -scp -pw readonlypass readonlyusername@fgtipaddress:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

    • Your last status is working or not?
      If not.
      Have you make sure
      -pscp in C:\Program Files\PuTTY
      -you have c:\backup
      -do you have admin privilege to run bat script
      -how if you run manually the command.
      I mean in cmd
      >cd C:\Program Files\PuTTY
      >pscp -scp -pw readonlypass readonlyusername@fgtipaddress:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

  3. Trying out something new here, could use some help.

    I am trying to run cli to create admin accounts on fortigates:

    cd c:\Program Files\PuTTY
    plink.exe -l username -pw password fgt_ipaddress C:\pat_to_command.txt

    and then in command.txt:

    config system admin
    edit test
    set accprofile “super_admin”
    set password test

    I keep getting the “unknow action 0” which according to fgt cli:

    “If you do not enter a known command, the CLI will return an error message such as:
    Unknown action 0”


    Would appreciate lil help on understanding what is going wrong here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s