syordanov
Staff
Article Id 279173
Description: This article describes how to perform an automatic backup of a FortiGate configuration from a Linux host using a cron job.
Scope: FortiGate.
Solution
  1. Generate SSH keys on the Linux host and configure a login without a password (public key authentication) from the Linux host to the FortiGate. Refer to Technical Tip: How to generate ssh keys on Linux host and use it for public-private key authenticati...
  2. Once password-free access from the Linux host to the FortiGate works, the cron job can be configured. Cron is a scheduler included in most Linux distributions; a cron job is a task that cron runs automatically at a specified time or interval, which makes it suitable for automating the backup.

In this example, start with the expect script that logs in to the FortiGate and takes the full configuration:


filename /home/admin_ro/bin/FG_backup.sh

#!/usr/bin/expect -f

# define the remote FortiGate device, SSH port and username
set host "192.168.1.99"
set port "22"
set user "admin_ro"

# 'show full-configuration' can take a while on a large configuration;
# raise the default 10-second expect timeout so the prompt is not missed
set timeout 120

# -p and the port are passed as separate arguments; the key-based login
# from step 1 means no password prompt has to be handled here
spawn ssh -p $port $user@$host

# comment the line below if the device has no VDOMs
expect " $ " { send "config global\r" }

expect " $ " { send "show full-configuration\r" }

### Exit from device
expect " $ " { send "exit\r" }

# wait for the session to close so all output reaches stdout before expect exits
expect eof


If the account used has a read-only profile, the script above works as is, because the FortiGate prompt of a read-only user ends in '$' and that is what the expect patterns look for. For an account with a regular (read-write) profile, change the expect patterns to look for the '#' sign instead. A read-only account is all a backup needs, and it limits what could be done on the FortiGate with the key stored on the backup host.

To execute the script once or manually, run the following:

admin_ro@backup_station:~ $ /home/admin_ro/bin/FG_backup.sh >> /home/admin_ro/FG_backups/backupFG-"`date +"%H-%M-%d-%m-%Y"`"

 

  3. Edit the crontab and add the script for the automatic backup:
  • Open a terminal on the Linux system.
  • Type ‘crontab -e’ to edit the crontab of the user.

There are two options: run the command /home/admin_ro/bin/FG_backup.sh >> /home/admin_ro/FG_backups/backupFG-"`date +"%H-%M-%d-%m-%Y"`" directly from the crontab, or create a Bash script that contains the command and schedule that script instead. Note that cron treats the '%' character specially in the command field (it marks a newline), so if the command is placed directly in the crontab every '%' in the date format must be escaped as '\%'; inside a script file no escaping is needed.

The difference between the two is that a Bash script offers more flexibility: additional functionality (error checking, logging, retention of old backups) can be added to it later.

In this example, the crontab will have the following:

14 11 * * * /home/admin_ro/FG_backups/cron_script.sh

14 and 11 are the minute and the hour respectively, so the script will be executed every day at 11:14.

Where cron_script.sh contains the following:

#!/bin/bash

/home/admin_ro/bin/FG_backup.sh >> /home/admin_ro/FG_backups/backupFG-"`date +"%H-%M-%d-%m-%Y"`"

Every file will have a unique name, such as backupFG-12-36-07-04-2023 (hour-minute-day-month-year).

 

Keep in mind the following:

  • Make sure that all scripts are executable.
  • Make sure that the $PATH variable contains the path to the script. Otherwise, use absolute paths, as in this example.
  • Ensure the user is allowed to edit its crontab.
  • The full configuration contains sensitive data (administrator password hashes, encrypted pre-shared keys, certificates), so keep the backup directory readable only by the backup user and protect the Linux host and its SSH key accordingly.