Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FatalHalt
Contributor II

Backup over SCP

I' m trying to figure out how to backup over SCP. I' ve enabled ' admin-scp' in config sys global, but am now trying to actually figure out how to use it. Anyone able to get me started? Thanks.
3 Solutions
FatalHalt
Contributor II

Sorry to bump this thread, but been running into some issues. 

 

Is it just me, or are the backups you get from SCP not the full backup of the device? I've only just noticed this now that I'm doing some analytics on the files themselves, but they aren't even close to full. On one device, a full backup from the GUI gets me a file with 40,000 lines. A scp backup using sys_config is just shy of 2,200. It doesn't have any vdoms. It's almost useless. 

 

Is there a different command other than sys_config (or fgt-config) to get a proper, full backup?

View solution in original post

Elthon_Abreu

nbctcp wrote:

Ethon,

Can you please show me the steps

 

nbctcp,

 

I've attached the script for you. You can change according to your needs.

 

PS.: Script only for Windows OS.

Elthon Abreu FCNSA v5

View solution in original post

Elthon Abreu FCNSA v5
Elthon_Abreu

Holy,

 

I've used the Putty Key Generation (Looking in "ProgramFiles\PuTTY" If you have putty installed). There is a variable "Key" on the script file. To create the user "bkp" you can use the config below:

 

config system admin edit "bkpusr" set trusthost1 "backup IP address only - for best security" set vdom "root" set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhIasKun...." set password ****** next end

 

Best regards

Elthon Abreu FCNSA v5

View solution in original post

Elthon Abreu FCNSA v5
31 REPLIES 31
Istvan_Takacs_FTNT

Using the SCP client http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/basic_setup.096.53.html
emnoc
Esteemed Contributor III

I never heard of fgt-config but sys_config works e.g scp admin@x.x.x.5:sys_config ./ admin@x.x.x.x5' s password: Permission denied, please try again. admin@x.x.x.5' s password: sys_config 100% 332KB 83.1KB/s 00:04 kfelix@socket01:~$ Go to tip#6 on my blog; http://socpuppet.blogspot.com/2013/12/fortigate-tips-tricks-from-socpuppets.html

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
FatalHalt
Contributor II

Thanks guys. I was using the document from the Admin guide, but didn' t have any sort of scp client (windows host). Grabbed the pscp.exe file from putty and am now cruising along. Made a nice little python script to automate all my boxes now!
ede_pfau
Esteemed Contributor III

Would you care to share the python script? Py pal here.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
FatalHalt
Contributor II

Threw it up on my Github
emnoc
Esteemed Contributor III

Here' s a simple bash script, that you can call and run thru a listing. It down load the cfg and timestamp the downloaded file #!/bin/bash # This is a simple bash cfg grabber # # if [ ! $1 ]; then echo " Usage : getcfg.sg <username> <fortigate ip_address> <ssh port # > " echo " " echo " Example getcfg admin 1.1.1.1 22 " echo " " exit 1 fi # # DATE=`date +%F%Z%T` # # A=sys_config # PORT=$3 scp -P $3 $1@$2:$A ./$A-$2_$DATE.cfg # # end

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ede_pfau
Esteemed Contributor III

Thanks FatalHalt, nice work!

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
FatalHalt
Contributor II

Thanks! I' ve also got a work in progress config parser script on there as well. Parses out different sections of the config to csv files (which I combine into spreadsheets). Great for comparing policy, address sets, etc. Adding more sections for it when I have time.
jtfinley

Shameless plug, but I wrote something [link=]http://www.jfinley.com/2013/03/automated-fortigate-configuration-backups-using-scp/[/link]
Labels
Top Kudoed Authors