ICTKB-IMG
FirewallFortinet

Never Lose a Byte: Automate Backups on FortiGate Firewalls

ICTKB Admin
2 Mins Read
3 Views
0 Comments

Imagine; It’s 2 a.m., your firewall goes down, and your last backup is older than your nephew’s dinosaur obsession. You’re stuck, manually rebuilding policies and routing configs from memory (or worse, screenshots). That’s a nightmare no admin deserves.

But here’s the good news: FortiGate firewalls make it surprisingly easy to automate configuration backups, and today, we’ll show you exactly how.

The Automation Stitch is a feature of the Security Fabric in FortiGate, which will help you to configure automated backups. To deploy it, configure automation-trigger, automation-action, and automation-stitches.

Step 1: Set Up the Automation Trigger

config system automation-trigger
    edit "backup"
        set trigger-type scheduled
        set trigger-frequency daily   <- Frequency of the action.
        set trigger-hour 23           <- Hour of the triggered action.
        set trigger-minute 58         <- Minute of the triggered action.
    next
end

Step 2: Create the Automation Backup Action

config system automation-action
    edit "backup"
        set action-type cli-script
        set minimum-interval 0    <- Limit execution to no more than once in this interval (in seconds).
        set delay 0               <- Delay before execution (in seconds).
        set required enable
        set script "execute backup config ftp /Backup/backup.conf 192.168.55.4 testuser testpassword"
    next
end

If the FortiGate is configured with multiple VDOMs, configure the script line as below:

set script "config global
execute backup config ftp /Backup/backup.conf 192.168.55.4 testuser testpassword"

When using SFTP for transferring the backup and the FortiGate is configured with multiple VDOMs, the script above will change only the protocol, as below:

set script "config global
execute backup config sftp /Backup/backup.conf 192.168.55.4 testuser testpassword"

Note: 192.168.55.4 is ftp sever Ip and ‘testuser’ and ‘testpassword’ are username and password.

Step 3: Configure Automation Stitch

config system automation-stitch
    edit "backup"
        set status enable
        set trigger "backup"
        set action "backup"
    next
end

Your config is safe, current, and stored off-device. No more sleepless nights.

Tags:

Share Article

No Comment! Be the first one.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Related Posts

    Our site uses cookies. By using this site, you agree to the Privacy Policy and Terms of Use.

    Accept