11 Replies Latest reply on Jun 13, 2010 9:07 PM by Steve Welsh

    Fortigate With Vdom backup is not happening

    vmvineeth

      Hi All ,

       

      I am not able to take a backup of a Fortigate which is configured in a VDOM environment.

      Some Fortigates I am able to back up, but the VDOM configurations are missing from the backup.

      Has anyone faced this issue, and what solution did you find in Kiwi CatTools?

      Please help. Thanks in advance.

       

      Regards

      Vineeth

        • Re: Fortigate With Vdom backup is not happening

          Hi Vineeth--

          Have you seen these two threads:

          CatTools and Fortigate Firewalls

          Fortigate for Multiple VDOM's

          They might help you. Also, I've marked this for the PM to review.

          M

          • Re: Fortigate With Vdom backup is not happening
            Wardini

            The backup by default issues the show command. If there is a different command that will show the config including VDOMs for the device then you could specify this as an alternate command on the options tab for the activity.

            I have also been looking at whether the Device.Backup.TFTP activity may be changed to work for Fortinets as I believe this would include the VDOM data.

              • Re: Fortigate With Vdom backup is not happening

                Hi Support,

                Below is the debug log from when I use the Send commands option for TFTP. The commands I am sending go to an FG box which has VDOMs. Below are the commands I am executing to take the backup of the Fortigate with VDOMs. When I enter the same commands directly on the Fortigate box, the backup is taken without any problems. These commands do not require paging to be turned off. FYI, I have set the paging with "set output standard". Could you please check whether you are able to work out something from the logs below?

                Send commands
                #############################################

                config vdom
                edit root
                execute backup full-config tftp 202.177.154.3.conf  210.210.115.132

                I am getting this error through mail: Did not receive echo of execute backup full-config tftp 10.10.0.3.conf 10.10.115.132 command



                <NEWSESSION Kiwi CatTools 3.4.0 4/8/2010 7:12:04 PM>
                <PROTOCOL=Telnet>
                <DEVICE TYPE=Fortinet.FortiOS.General>
                <ACTIVITY TYPE=Device.CLI.Send commands>
                <ACTIVITY SCRIPT=C:\Program Files\CatTools3\Scripts\Client.Device.CLI.Send commands.txt>
                <USERS NAME FOR DEVICE=10.10.0.3>
                <C OK 7:12:04 PM><R-7:12:05 PM>[13][10]park-CleanConnect-FG login: <W-7:12:05 PM>admin[13]<R-7:12:05 PM>a<R-7:12:05 PM>dmin[13][10]Password: <W-7:12:05 PM>******************************[13]<R-7:12:05 PM>*<R-7:12:05 PM>**************[13][10]Welcome ![13][10][13][10]park-CleanConne~ # <W-7:12:06 PM>          <R-7:12:06 PM> <R-7:12:06 PM>         <W-7:12:06 PM>[13]<R-7:12:06 PM>[13][00][13][10]<R-7:12:07 PM>park-CleanConne~ # <W-7:12:07 PM>[13]<R-7:12:07 PM>[13][00][13][10]<R-7:12:07 PM>park-CleanConne~ # <W-7:12:07 PM>[13]<R-7:12:07 PM>[13][00][13][10]<R-7:12:07 PM>park-CleanConne~ # <W-7:12:07 PM>config system console<R-7:12:07 PM>c<R-7:12:07 PM>onfig system console<W-7:12:07 PM>[13]<R-7:12:07 PM>[13][00][13][10]<R-7:12:07 PM>3909: Unknown action 3[13][10]Command fail. Return code -1[13][10][13][10]park-CleanConne~ #
                ================================================================================
                WFMDRetVal=1 Waiting for: "(console)#"
                WFMDRetVal=2 Waiting for: "(console) #"
                WFMDRetVal=3 Waiting for: "(console)$"
                WFMDRetVal=4 Waiting for: "(console) $"
                WFMDRetVal=5 Waiting for: "global #"
                WFMDRetVal=6 Waiting for: "(global) #"
                WFMDRetVal=7 Waiting for: "park-CleanConne~#"
                WFMDRetVal=8 Waiting for: "park-CleanConne~ $"
                WFMDBuffer="config system console[13][00][13][10]3909: unknown action 3[13][10]command fail. return code -1[13][10][13][10]park-cleanconne~ # "
                ================================================================================
                <W-7:12:13 PM>config global<R-7:12:14 PM>c<R-7:12:14 PM>onfig global<W-7:12:14 PM>[13]<R-7:12:14 PM>[13][00][13][10]<R-7:12:14 PM>[13][10]park-CleanConne~ (global) # <W-7:12:14 PM>config system console<R-7:12:14 PM>co<R-7:12:14 PM>nfig system console<W-7:12:14 PM>[13]<R-7:12:14 PM>[13][00][13][10]<R-7:12:14 PM>[13][10]park-CleanConne~ (console) # <W-7:12:14 PM>set output standard<R-7:12:14 PM>set output standa<R-7:12:15 PM>rd<W-7:12:15 PM>[13]<R-7:12:15 PM>[13][00][13][10]<R-7:12:15 PM>[13][10]park-CleanConne~ (console) # <W-7:12:15 PM>end<R-7:12:15 PM>end<W-7:12:15 PM>[13]<R-7:12:15 PM>[13][00][13][10]<R-7:12:15 PM>[13][10]park-CleanConne~ (global) # <W-7:12:15 PM>config vdom<R-7:12:15 PM>c<R-7:12:15 PM>onfig vdom<W-7:12:15 PM>[13]<R-7:12:15 PM>[13][00][13][10]<R-7:12:16 PM>[13][10]command parse error before 'vdom'[13][10]Command fail. Return code 1[13][10][13][10]park-CleanConne~ (global) # <W-7:12:16 PM>edit root<R-7:12:16 PM>e<R-7:12:16 PM>dit root<W-7:12:16 PM>[13]<R-7:12:16 PM>[13][00][13][10]<R-7:12:16 PM>Unknown action 0[13][10][13][10]park-CleanConne~ (global) # <W-7:12:16 PM>execute backup full-config tftp 10.10.0.3.conf  10.10.115.132<R-7:12:16 PM>e<R-7:12:16 PM>xecute backup full-config tftp 10.10.0.3.conf  [08] 10.10.115.132
                ================================================================================
                WFDRetVal=0. Waiting for: "execute backup full-config tftp 10.10.0.3.conf  10.10.115.132"
                WFDBuffer="execute backup full-config tftp 10.10.0.3.conf  [08] 10.10.115.132"
                ================================================================================
                <D 7:12:47 PM>
                <SCRIPT VALUES>
                <HOSTNAME="park-CleanConne~">
                <PROMPT VTY="park-CleanConne~ ">
                <PROMPT ENABLE="(global) #">
                <PROMPT CONFIG="">

                Thanks and Regards

                 

                Sanky Bhai Sathyan

                  • Re: Fortigate With Vdom backup is not happening
                    Steve Welsh

                    Hi sanky,

                    Looks like you have a few issues with the commands you are sending within CatTools.

                    1) When the 'config vdom' command is executed, the device responds with  "command parse error before 'vdom'  Command fail. Return code 1"

                    2) When the 'edit root' command is executed, the device responds with  "Unknown action 0"

                    3) The 'execute backup full-config tftp 10.10.0.3.conf  10.10.115.132' command appears to be getting echoed back to the terminal window with a backspace character [08] within it (execute backup full-config tftp 10.10.0.3.conf  [08] 10.10.115.132). Is the device truncating this command while you are typing it?

                    Because the command being echoed differs from the command being sent, you are seeing the error: Did not receive echo of execute backup full-config tftp 10.10.0.3.conf 10.10.115.132 command

                    You can tell CatTools not to wait for a command echo by using the %ctUM: EchoOff command (see online help page: http://www.kiwisyslog.com/help/cattools/act_metactumcommand.htm).  Add this CatTools utility command to your list of commands before the 'execute backup full-config tftp 10.10.0.3.conf  10.10.115.132' command and it should work around this issue.

                    For issues 1 & 2, I'd suggest checking that the account you have configured for your device in CatTools has permission to execute these commands, and that they are valid at the '(global) #' mode of the device.

                    Regards,

                    Steve
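Added example (not part of the reply above and not CatTools code): a Python reading of the Telnet debug log posted earlier in the thread, which flags the commands the device rejected and shows that the echoed `execute backup` line differs from the sent line only by the `[08]` backspace. The literal prefix comparison used as the echo check is an assumption about how the check behaves, and all function names are hypothetical.

```python
import re

# Notation used in the debug log on this page: control characters appear as
# bracketed decimal codes, e.g. [13] = CR, [10] = LF, [00] = NUL, [08] = backspace.
CTRL = re.compile(r"\[(\d{2,3})\]")
# <W-time>text is data written to the device, <R-time>text is data read back.
CHUNK = re.compile(r"<([WR])-[^>]*>([^<]*)")
ERROR_MARKERS = ("command fail", "unknown action", "parse error")

# Excerpt of the Telnet session posted in the thread (device 10.10.0.3).
SESSION = (
    "<W-7:12:15 PM>config vdom<R-7:12:15 PM>c<R-7:12:15 PM>onfig vdom"
    "<W-7:12:15 PM>[13]<R-7:12:15 PM>[13][00][13][10]<R-7:12:16 PM>[13][10]"
    "command parse error before 'vdom'[13][10]Command fail. Return code 1"
    "[13][10][13][10]park-CleanConne~ (global) # "
    "<W-7:12:16 PM>edit root<R-7:12:16 PM>e<R-7:12:16 PM>dit root"
    "<W-7:12:16 PM>[13]<R-7:12:16 PM>[13][00][13][10]<R-7:12:16 PM>"
    "Unknown action 0[13][10][13][10]park-CleanConne~ (global) # "
    "<W-7:12:16 PM>execute backup full-config tftp 10.10.0.3.conf  10.10.115.132"
    "<R-7:12:16 PM>e<R-7:12:16 PM>xecute backup full-config tftp 10.10.0.3.conf"
    "  [08] 10.10.115.132"
)


def decode(text):
    """Replace [NN] codes with the characters they stand for."""
    return CTRL.sub(lambda m: chr(int(m.group(1))), text)


def render(raw):
    """Show the text as a terminal would: apply backspaces, drop CR and NUL."""
    out = []
    for ch in raw:
        if ch == "\b":
            if out:
                out.pop()
        elif ch not in "\r\0":
            out.append(ch)
    return "".join(out)


def command_results(session):
    """Pair every command written with the raw text the device sent back."""
    results = []
    for kind, body in CHUNK.findall(session):
        text = decode(body)
        if kind == "W":
            if text.strip():  # skip bare Enter / padding writes
                results.append([text.strip(), ""])
        elif results:
            results[-1][1] += text
    return [tuple(r) for r in results]


def rejected(response):
    """True when the device answered with one of the error strings in the log."""
    return any(marker in response.lower() for marker in ERROR_MARKERS)


def echo_matches(command, response, apply_backspace=False):
    """Literal echo comparison (assumed), optionally after applying backspaces."""
    text = render(response) if apply_backspace else response
    return text.startswith(command)


if __name__ == "__main__":
    for cmd, resp in command_results(SESSION):
        print(f"{cmd!r}: rejected={rejected(resp)} "
              f"echo={echo_matches(cmd, resp)} "
              f"echo_after_backspace={echo_matches(cmd, resp, True)}")
```
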

                      • Re: Fortigate With Vdom backup is not happening
                        vmvineeth

                        Hi Steve ,

                         

                        Thanks for your reply. Let me try this, and after that I will update with the results.

                         

                        Regards

                        Vineeth

                          • Re: Fortigate With Vdom backup is not happening
                            vmvineeth

                            Hi Steve ,

                            You rock.... Thanks a lot, it's working for me.

                             

                            Regards

                            Vineeth

                              • Re: Fortigate With Vdom backup is not happening
                                Steve Welsh

                                Awesome... glad to help.

                                ... and many thanks for posting back your update too Vineeth.

                                  • Re: Fortigate With Vdom backup is not happening
                                    mhansson

                                    I'm sorry if I'm beating a dead horse, but I am having issues getting the Device.Backup.TFTP to work with my Fortigates.

                                    I included the system status as well as a walkthrough of the available needed commands in the CLI, in case you don't have access to a v4.0 Fortigate.

                                     

                                    fgt200a-a # get system status
                                    Version: Fortigate-200A v4.0,build0196,100319 (MR1 Patch 4)
                                    Virus-DB: 9.00795(2008-12-08 15:09)
                                    IPS-DB: 2.00593(2009-02-05 20:34)
                                    FortiClient application signature package: 1.186(2010-06-07 16:23)
                                    Serial-Number: FG200A2105402894
                                    BIOS version: 04000000
                                    Log hard disk: Not available
                                    Hostname: fgt200a-a
                                    Operation Mode: NAT
                                    Current virtual domain: root
                                    Max number of virtual domains: 10
                                    Virtual domains status: 2 in NAT mode, 0 in TP mode
                                    Virtual domain configuration: enable
                                    FIPS-CC mode: disable
                                    Current HA mode: a-p, master
                                    Distribution: International
                                    Branch point: 196
                                    Release Version Information: MR1 Patch 4
                                    System time: Tue Jun  8 10:55:12 2010

                                    fgt200a-a # config
                                    global    config global
                                    vdom      config vdom

                                    fgt200a-a # config vdom

                                    fgt200a-a (vdom) #
                                    edit      add/edit a table value
                                    delete    delete a table value
                                    end       end and save last config

                                    fgt200a-a (vdom) # edit root
                                    current vf=root:0

                                    fgt200a-a (root) #
                                    config      config object
                                    get         get dynamic and system information
                                    show        show configuration
                                    diagnose    diagnose facility
                                    execute     execute static commands
                                    next        config next table entry
                                    end         end and save last config

                                    fgt200a-a (root) #  execute backup full-config tftp fgt200a-a.wri 192.168.19.63
                                    Please wait...
                                    Connect to tftp server 192.168.19.63 ...
                                    #
                                    Send config file to tftp server OK.

                                    fgt200a-a (root) # show
                                    alertemail            alert e-mail configuration
                                    antivirus             antivirus configuration
                                    application           application
                                    dlp                   dlp
                                    endpoint-control      endpoint-control
                                    firewall              firewall
                                    imp2p                 imp2p
                                    ips                   ips
                                    log                   log
                                    router                router
                                    spamfilter            spamfilter
                                    system                system
                                    user                  user
                                    vpn                   vpn
                                    web-proxy             web-proxy
                                    webfilter             webfilter
                                    full-configuration    show full configuration

                                    fgt200a-a (root) # show full-configuration

                                     

                                    <this proceeds to show the entire VDOM config>

                                     

                                    The debugs I am getting for this activity are:

                                     


                                    <NEWSESSION CatTools 3.5.0 6/8/2010 11:36:18 AM>
                                    <PROTOCOL=SSH2>
                                    <DEVICE TYPE=Fortinet.FortiOS.General>
                                    <ACTIVITY TYPE=Device.Backup.TFTP>
                                    <ACTIVITY SCRIPT=C:\Program Files\CatTools3\Scripts\Client.Device.Backup.TFTP.txt>
                                    <USERS NAME FOR DEVICE=fortigate200a>
                                    <C OK 11:36:18 AM><R-11:36:18 AM>fgt200a-a # <W-11:36:24 AM>[13]<R-11:36:24 AM>[13][13][10]fgt200a-a # <W-11:36:24 AM>[13]<R-11:36:24 AM>[13][13][10]fgt200a-a # <W-11:36:24 AM>config system console<R-11:36:24 AM>config s<R-11:36:24 AM>ystem con<R-11:36:24 AM>sole<W-11:36:24 AM>[13]<R-11:36:24 AM>[13][13][10]4569: Unknown action 3[13][10]Command fail. Return code -1<R-11:36:24 AM>[13][10][13][10]fgt200a-a #
                                    ================================================================================
                                    WFMDRetVal=1 Waiting for: "(console)#"
                                    WFMDRetVal=2 Waiting for: "(console) #"
                                    WFMDRetVal=3 Waiting for: "(console)$"
                                    WFMDRetVal=4 Waiting for: "(console) $"
                                    WFMDRetVal=5 Waiting for: "global #"
                                    WFMDRetVal=6 Waiting for: "(global) #"
                                    WFMDRetVal=7 Waiting for: "fgt200a-a#"
                                    WFMDRetVal=8 Waiting for: "fgt200a-a $"
                                    WFMDBuffer="config system console[13][13][10]4569: unknown action 3[13][10]command fail. return code -1[13][10][13][10]fgt200a-a # "
                                    ================================================================================
                                    <W-11:36:30 AM>config global<R-11:36:30 AM>config<R-11:36:30 AM> globa<R-11:36:30 AM>l<W-11:36:30 AM>[13]<R-11:36:30 AM>[13][13][10][13][10]fgt200a-a (global) # <W-11:36:30 AM>config system console<R-11:36:30 AM>config system console<W-11:36:30 AM>[13]<R-11:36:30 AM>[13][13][10][13][10]fgt200a-a (console) # <W-11:36:30 AM>set output standard<R-11:36:30 AM>set output standard<W-11:36:30 AM>[13]<R-11:36:30 AM>[13][13][10][13][10]fgt200a-a (console) # <W-11:36:30 AM>end<R-11:36:30 AM>end<W-11:36:30 AM>[13]<R-11:36:30 AM>[13][13][10]<R-11:36:31 AM>[13][10]fgt200a-a (global) # <R-11:51:41 AM>Timeout[13][10]<R-11:51:41 AM>exit[13][10]<D 11:51:41 AM>
                                    <SCRIPT VALUES>
                                    <HOSTNAME="fgt200a-a">
                                    <PROMPT VTY="fgt200a-a ">
                                    <PROMPT ENABLE="(global) #">
                                    <PROMPT CONFIG="">

                                    I have tried to edit the "Optional alternative list of commands" and entered the %ctUM: EchoOff but with no improvement.

                                    I then proceeded to enter the entire expected command string, but no improvement.

                                    %ctUM: EchoOff
                                    config vdom
                                    edit root
                                    execute backup full-config %ctDeviceName-Running-Config  192.168.19.63

                                    Running the "execute backup ......" by itself from the CLI works fine, but not from the activity.

                                    I am basically looking to do a Device.Backup.Running Config and be able to get the comparison emails etc. whenever the devices change.

                                    I have not been able to figure out a way to edit the commands being sent without creating a custom device, which sort of defeats the purpose, since I can't figure out a way to integrate that with the device backup (neither SSH nor TFTP).

                                    From what I have seen, I expect I am not the only one having problems with Fortigates, and I hope we can find a simple solution to this.

                                      • Re: Fortigate With Vdom backup is not happening
                                        Steve Welsh

                                        - mhansson

                                        From your device debuglog above, it appears that after CatTools has done what it needs to do to turn off the output paging (set output standard) and returned to the config global mode prompt (i.e. fgt200a-a (global) #); no further commands are sent, so after about 15 minutes of inactivity the device times out!  

                                        I checked the device script and it seems CatTools should at least be sending the 'execute backup full-config tftp' command at this point, so I'm not sure what the issue is here with your activity setup.

                                        From your PuTTY output, (and also referring to the device debuglog that sanky sent in), it appears that you may need to drop out of config global mode, back to config mode, before issuing the 'config vdom' command.

                                        Your list of alternative commands should therefore look something like:

                                          end     (or alternative command to drop you out of config global # mode back to config # mode)
                                          config vdom
                                          edit root
                                          %ctUM: EchoOff
                                          execute backup full-config tftp %ctDeviceName-Running-Config  192.168.19.63

                                        Give this a try and let us know how you get on.

                                        Regards,

                                        Steve

                                          • Re: Fortigate With Vdom backup is not happening
                                            mhansson

                                            It seems the alternate commands never get sent.

                                            Here is the debug log after I entered what you suggested in the alternate commands.

                                             


                                            <NEWSESSION  CatTools 3.5.0 6/9/2010 7:36:17 AM>
                                            <PROTOCOL=SSH2>
                                            <DEVICE  TYPE=Fortinet.FortiOS.General>
                                            <ACTIVITY  TYPE=Device.Backup.TFTP>
                                            <ACTIVITY SCRIPT=C:\Program  Files\CatTools3\Scripts\Client.Device.Backup.TFTP.txt>
                                            <USERS  NAME FOR DEVICE=fortigate200a>
                                            <C OK 7:36:17  AM><R-7:36:18 AM>fgt200a-a # <W-7:36:23  AM>[13]<R-7:36:23 AM>[13][13][10]fgt200a-a # <W-7:36:23  AM>[13]<R-7:36:23 AM>[13][13][10]fgt200a-a # <W-7:36:23  AM>config system console<R-7:36:23 AM>config system  console<W-7:36:23 AM>[13]<R-7:36:23 AM>[13][13][10]4569:  Unknown action 3[13][10]Command fail. Return code  -1[13][10][13][10]fgt200a-a #
                                            ================================================================================
                                            WFMDRetVal=1  Waiting for: "(console)#"
                                            WFMDRetVal=2 Waiting for: "(console) #"
                                            WFMDRetVal=3  Waiting for: "(console)$"
                                            WFMDRetVal=4 Waiting for: "(console) $"
                                            WFMDRetVal=5  Waiting for: "global #"
                                            WFMDRetVal=6 Waiting for: "(global) #"
                                            WFMDRetVal=7  Waiting for: "fgt200a-a#"
                                            WFMDRetVal=8 Waiting for: "fgt200a-a $"
                                            WFMDBuffer="config  system console[13][13][10]4569: unknown action 3[13][10]command fail.  return code -1[13][10][13][10]fgt200a-a # "
                                            ================================================================================
                                            <W-7:36:29  AM>config global<R-7:36:29 AM>config global<W-7:36:29  AM>[13]<R-7:36:29 AM>[13][13][10][13][10]fgt200a-a (global) #  <W-7:36:29 AM>config system console<R-7:36:29 AM>config  system console<W-7:36:29 AM>[13]<R-7:36:29  AM>[13][13][10][13][10]fgt200a-a (console) # <W-7:36:29 AM>set  output standard<R-7:36:29 AM>set output standard<W-7:36:29  AM>[13]<R-7:36:29 AM>[13][13][10][13][10]fgt200a-a (console) #  <W-7:36:29 AM>end<R-7:36:29 AM>end<W-7:36:29  AM>[13]<R-7:36:29 AM>[13][13][10]<R-7:36:29  AM>[13][10]fgt200a-a (global) #

                                            What I did is that on the Options tab of the activity details, I unchecked and left unchecked the "File to write to TFTP Server" checkbox, then entered the alternate commands in the "Optional Alternative list of commands".

                                            Everything else is left as default.

                                            I am running CatTools 3.5.0.

                                            So, do I need to do anything different to enable CatTools to send the alternate commands?

                                             

                                             

                                             

                                            I understand that it might be difficult programmatically to iterate through the available VDOMs, but would it be impossible to implement something in the Device.Backup.Running.Config OR Device.Backup.TFTP to do in essence:


                                            FG400A2905500052 # config global

                                            FG400A2905500052 (global) # get system vdom-property
                                            == [ root ]
                                            name: root
                                            == [ fg400vdom1 ]
                                            name: fg400vdom1

                                            FG400A2905500052 (global) #

                                            FG400A2905500052 (Fouredge) #FG400A2905500052 (global) # end

                                            FG400A2905500052 # config vdom

                                            FG400A2905500052 (vdom) # edit %name1%
                                            current vf=fg400vdom1:1

                                            FG400A2905500052 (fg400vdom1) #
                                            FG400A2905500052 (fg400vdom1) #

                                            and then run either  show full-configuration

                                            OR

                                            execute backup full-config tftp %ctDeviceName-Running-Config %TFTPServer%

                                            maybe a feature request for future versions......
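Added example (not part of the post above and not a CatTools feature): the per-VDOM iteration described in the post, in Python, reading the `get system vdom-property` output shown there and producing one command list per VDOM in the order suggested earlier in the thread. The per-VDOM file name `<device>-<vdom>.conf`, the trailing `end` to return to the top-level prompt, the name pattern, and the function names are assumptions.

```python
import ipaddress
import re

# Output of "get system vdom-property" as posted in the thread.
VDOM_PROPERTY_OUTPUT = """\
FG400A2905500052 (global) # get system vdom-property
== [ root ]
name: root
== [ fg400vdom1 ]
name: fg400vdom1

FG400A2905500052 (global) #
"""

ENTRY = re.compile(r"== \[ (.+?) \]")
# Assumed conservative pattern: a name read from a device is only placed in a
# command if it cannot add whitespace, separators or extra lines to it.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,31}")


def check_name(value):
    if not SAFE_NAME.fullmatch(value):
        raise ValueError(f"unexpected characters in name: {value!r}")
    return value


def parse_vdoms(output):
    """Return the VDOM names listed as '== [ name ]' entries, in order."""
    names = []
    for line in output.splitlines():
        match = ENTRY.fullmatch(line.strip())
        if match:
            name = check_name(match.group(1))
            if name not in names:
                names.append(name)
    return names


def backup_commands(device, vdom, tftp_server):
    """Command list for one VDOM, starting from the top-level prompt."""
    check_name(device)
    check_name(vdom)
    server = str(ipaddress.ip_address(tftp_server))  # rejects non-IP input
    return [
        "config vdom",
        f"edit {vdom}",
        "%ctUM: EchoOff",
        f"execute backup full-config tftp {device}-{vdom}.conf {server}",
        "end",  # assumed to leave the VDOM and return to the top-level prompt
    ]


def backup_plan(device, vdom_property_output, tftp_server):
    """Map each VDOM found in the output to its command list."""
    return {
        vdom: backup_commands(device, vdom, tftp_server)
        for vdom in parse_vdoms(vdom_property_output)
    }


if __name__ == "__main__":
    plan = backup_plan("fgt200a-a", VDOM_PROPERTY_OUTPUT, "192.168.19.63")
    for vdom, commands in plan.items():
        print(f"# {vdom}")
        print("\n".join(commands))
```
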