mturic
Staff
Article Id 198245
Description
Occasionally a working backup of the FSSO Collector Agent is needed, for example as part of disaster recovery, regular maintenance, or moving the Collector Agent to a new server.
The Collector Agent has two GUI options, but each of them lacks the properties of a complete backup:

Sync Configuration With Other Agents: this option is not meant for backup as it only serves to sync the following information between Collector Agents:
- Group filter lists.
- Ignore user lists.

Export Configuration: can be used as a reference or to see how settings have changed over time, but is not meant for restore due to its text format.

Additionally, an explicit restore button does not exist on the Collector Agent. 

This article describes how to perform a backup and, if needed, a restore of the FSSO Collector Agent configuration.

Scope
Any FSSO Collector Agent.

Solution
Export and restore of the configuration can be done via the registry key.

FSSO Collector Agent has to be listed in the following registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent
Group filters are set in the following registry path:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent\Filter\FGVMxxxxxxxxx]
"groups"="CN=Domain Users,CN=Users,DC=test,DC=local"
Backup configuration via registry key.

Go to Windows Server.
Select 'Start', type 'regedit' in the search box, and open the Registry Editor.

Go to Computer -> HKEY_LOCAL_MACHINE\software\Wow6432Node\fortinet\fsae\collectoragent.
Select 'collectoragent'.


Select the export option and enter a filename (for example: backup-test.reg).


Restore the configuration via REG KEY

Option 1.

Run the backed-up '.reg' file.
By default, Windows opens it with Registry Editor, which imports the registry settings it contains.






After selecting 'Yes', the following warning will appear:





Option 2.

Go to Windows Server:
Select 'Start', type 'regedit' in the search box, and open the Registry Editor as before.

Go to File -> Import and select the backup file (for example: backup-test.reg) that was previously backed up.
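
A scripted form of the two procedures above (export via registry key, then import), as an added PowerShell example that is not part of the original article and is not a Fortinet tool. Only the registry path comes from the article; the backup folder, file naming, hash manifest and file ACL step are assumptions added here.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the regedit export/import steps above.
param(
    [ValidateSet('Backup', 'Restore')][string]$Mode = 'Backup',
    [string]$BackupDir = 'C:\FSSO-Backup',  # assumption: an admin-only folder
    [string]$RestoreFile                     # .reg file to import in Restore mode
)

# Registry path from this article (regedit shows it under HKEY_LOCAL_MACHINE).
$Key  = 'HKLM\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent'
$Sums = Join-Path $BackupDir 'SHA256SUMS.txt'   # assumption: hash manifest name

function Get-ManifestLine([string]$Path) {
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256 -ErrorAction Stop).Hash
    '{0}  {1}' -f $hash, (Split-Path $Path -Leaf)
}

if ($Mode -eq 'Backup') {
    if (-not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Fortinet\FSAE\collectoragent')) {
        throw "Collector Agent key not found: $Key"
    }
    New-Item -ItemType Directory -Path $BackupDir -Force -ErrorAction Stop | Out-Null
    $file = Join-Path $BackupDir ('collectoragent-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

    # Same result as File -> Export in regedit with 'collectoragent' selected.
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed (exit code $LASTEXITCODE)" }

    # Not in the article: restrict the file to Administrators and SYSTEM,
    # and record its hash so a later restore can detect a modified file.
    & icacls.exe $file /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    Add-Content -Path $Sums -Value (Get-ManifestLine $file)
    Write-Output "Backup written to $file"
}
else {
    if (-not $RestoreFile) { throw 'Pass -RestoreFile <path to .reg backup>' }
    # Refuse to import a file whose hash is not in the manifest.
    $known = @(Get-Content -Path $Sums -ErrorAction Stop)
    if ($known -notcontains (Get-ManifestLine $RestoreFile)) {
        throw "Hash of $RestoreFile is not listed in $Sums; not importing."
    }
    # Same result as File -> Import in regedit, or double-clicking the file.
    & reg.exe import $RestoreFile
    if ($LASTEXITCODE -ne 0) { throw "reg import failed (exit code $LASTEXITCODE)" }
    Write-Output "Restored $Key from $RestoreFile"
}
```

The hash check only helps if the manifest is stored where someone who can alter the backup cannot also alter the manifest, so keep a copy of it off the server.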







Backup configuration via Export Config Button.

This exports the config to a 'txt' file, which cannot be used for a restore; it is meant to serve only as a reference.
It is usually the config file that a TAC engineer requests when providing assistance.
If saved to the same default location, it gives the option to keep track of config changes between exports.
The current configuration will be appended to the existing file.

Go to Windows DC Server.
Select 'Start' and open 'Configure Fortinet Single Sign On Agent'.




Select 'Export Configuration'.
The config will be exported to a file named 'saved_config.txt' stored under "C:\Program Files (x86)\Fortinet\FSAE".


