3 Replies Latest reply on Sep 17, 2014 10:05 AM by Renquest

    Fortinet Fortigate Backups via TFTP

    Jaybed

      Hi

       

      I have managed to get a full backup of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

       

      We have a pair of Fortigate 3600Cs and we run multiple VDOMs on these; this meant the default script within CatTools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

       

      Variations configuration

       

      • Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
      • Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
      • Fill in the rest of the device info and passwords as you would do normally
      • Go to the "variations" tab and click "use variations"
      • Go to the "prompts" tab and fill in the information as shown in the "quotes":-

      DEVICE_USERNAMEPROMPT = "login as:"

      DEVICE_PASSWORDPROMPT = "password:"

      DEVICE_STANDARDPROMPT = "#"

      DEVICE_PRIVILEGEDPROMPT = "#"

      DEVICE_CONFIGPROMPT = "(global) #"

      • Go to the "additional commands" tab and fill in the information as shown in the "quotes":-

      COMMAND_ENTERCONFIG = "configure global"

      COMMAND_EXITCONFIG = "end"

      • Go to the "pre/post login" tab and fill in the information as shown in the "quotes":-
      • NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

      PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

      PRE_LOGIN_KEYSTROKE = "a"

      • Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

       

       

      TFTP activity configuration

       

      • Go to activities and click add
      • Set Type to "Device.Backup.TFTP"
      • Fill in name and description
      • Set schedule under the time tab
      • Add your devices
      • Go to "Options" tab
      • Untick the "file to write to tftp server"
      • Untick the "enter commands in enable mode"
      • In the "optional alternative list of commands" section input the following:-

      %ctUM: Timeout 100

      %ctUM: EchoOff

      config global

      %ctUM: EchoOff

      execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

      %ctUM: EchoOff

      • If you're not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

      F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

      F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

      • Click ok to save

       

      Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

       

      Hope this helps others getting this working.

       

      EDIT

       

      I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taken using the "execute backup full-config" command.

      Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

      I have now tested this on our lab device and I was able to restore the configuration successfully.

       

      Cheers

       

      Jay

       

      Message was edited by: Jaybed --