Backup FortiGate Config

METHOD1: PSCP
1. Download and install the latest PuTTY installer from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

2. Enable SCP in the FortiGate CLI
config system global
set admin-scp enable
end

3. Create Read-Only Profile in FortiGate
In the web GUI, go to System > Admin > Admin Profiles and click ‘Create New’.
Give your profile a name and select the ‘Read Only’ tick-box to ensure all access control options change to read only. Click ‘Ok’ to save.

4. Create Read-Only User in FortiGate
Go to System > Admin > Administrators and click ‘Create New’.

Type in the user’s login name, give a password and select the read-only profile we created in step 3. Click ‘Ok’ to save.

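5. Create a c:\backup\fortibackup.bat batch script
rem The %DATE% slicing assumes the US "Ddd MM/DD/YYYY" format; the file is named DDMMYYYY.conf
cd /d "c:\Program Files (x86)\PuTTY"
pscp -pw P@ssw0rd backup@10.0.0.241:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf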

6. Create a scheduled task in Task Scheduler that runs the batch script
http://www.7tutorials.com/how-create-task-basic-task-wizard
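
The batch file in step 5 keeps the admin password in clear text and gives no sign of failure when it runs unattended. The PowerShell script below is an added example (not from the original post) that does the same transfer with key authentication, a pinned host key, a locale-independent file name and a log. The key file path, the host key placeholder, the log file name and the "#config-version=" header check are assumptions, and it presumes a public key is already registered for the read-only admin.

```powershell
# Added example (not from the original post). Run from Task Scheduler in place of fortibackup.bat.
$Pscp      = 'C:\Program Files (x86)\PuTTY\pscp.exe'     # install path from step 5
$Target    = 'backup@10.0.0.241:sys_config'              # read-only admin and address from step 5
$BackupDir = 'C:\backup'
$KeyFile   = 'C:\backup\keys\backup.ppk'                 # assumption: PuTTY key registered for that admin
$HostKey   = 'SHA256:REPLACE_WITH_FORTIGATE_FINGERPRINT' # placeholder: the firewall's SSH host key
$LogFile   = Join-Path $BackupDir 'fortibackup.log'      # assumption: log file name

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0} {1}' -f (Get-Date -Format s), $Message)
}

# Get-Date avoids the locale-dependent %DATE% slicing used in the batch file.
$OutFile = Join-Path $BackupDir ((Get-Date -Format 'yyyyMMdd') + '.conf')
$TmpFile = $OutFile + '.part'

# -batch    fail instead of waiting on a prompt nobody answers in a scheduled task
# -hostkey  accept only the pinned host key rather than whatever key the peer presents
# -i        key authentication, so no password sits in the script or the process list
$pscpArgs = @('-scp', '-batch', '-hostkey', $HostKey, '-i', $KeyFile, $Target, $TmpFile)
$output   = (& $Pscp @pscpArgs 2>&1 | Out-String).Trim()
$code     = $LASTEXITCODE

if ($code -ne 0) {
    Write-Log "FAILED pscp exit=$code $output"
    Remove-Item -Path $TmpFile -ErrorAction SilentlyContinue
    exit 1
}

# Sanity check before keeping the file. Assumption: an unencrypted FortiGate backup
# starts with a "#config-version=" header line; adjust if yours differs.
$first = Get-Content -Path $TmpFile -TotalCount 1 -ErrorAction SilentlyContinue
if (-not $first -or $first -notlike '#config-version=*') {
    Write-Log 'FAILED download is empty or not a FortiGate config'
    Remove-Item -Path $TmpFile -ErrorAction SilentlyContinue
    exit 2
}

# Keep the verified file and record its hash so later tampering can be detected.
Move-Item -Path $TmpFile -Destination $OutFile -Force
$hash = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
Write-Log "OK $OutFile sha256=$hash"
exit 0
```

If key authentication is not set up, PuTTY 0.77 or later accepts -pwfile with a file readable only by the task account in place of -i.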

METHOD2: Kiwi CatTools
Click Activities/Add
Click OK, then click Run Now
Backup config will be in C:\Program Files (x86)\CatTools3\Configs\Default

5 thoughts on “Backup FortiGate Config”

  1. I put this in the .bat:
    cd C:\Program Files\PuTTY
    pscp -scp -pw @:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

    I also enabled scp on the device with
    config system global
    set admin-scp enable
    end

    At the end the cmd window simply opens and shuts and I don’t see any .conf file in c:\backup.

    A little help please on what’s missing.

  2. I used angle brackets for the IP and pass and they are now gone from the comment.

    Here:
    cd C:\Program Files\PuTTY
    pscp -scp -pw readonlypass readonlyusername@fgtipaddress:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

    • Is it working now or not?
      If not, have you made sure that:
      - pscp is in C:\Program Files\PuTTY
      - you have c:\backup
      - you have admin privilege to run the bat script
      - What happens if you run the command manually?
      I mean in cmd:
      >cd C:\Program Files\PuTTY
      >pscp -scp -pw readonlypass readonlyusername@fgtipaddress:sys_config c:\backup\%DATE:~7,2%%DATE:~4,2%%DATE:~-4%.conf

  3. Trying out something new here, could use some help.

    I am trying to run cli to create admin accounts on fortigates:

    cd c:\Program Files\PuTTY
    plink.exe -l username -pw password fgt_ipaddress C:\pat_to_command.txt
    pause

    and then in command.txt:

    config system admin
    edit test
    set accprofile “super_admin”
    set password test
    end

    I keep getting the “Unknown action 0”, which according to the fgt cli:

    “If you do not enter a known command, the CLI will return an error message such as:
    Unknown action 0”

    doc:http://docs-legacy.fortinet.com/fweb/5-1-3/cli/index.html#page/FortiWeb%2520CLI%2520Reference/command_syntax.html

    Would appreciate lil help on understanding what is going wrong here.
