Here is a small guide to backup Fortigate config with SCP
Using the Web-based manager:
Go to System > Admin > Settings.
Make sure SCP is enabled
Go to System > Network > Interface.
Select the Edit icon for the interface you use for administrative access.
In the Administrative Access section, select the SSH check box.
Click OK.
Create a public-private key pair using a key generator tool compatible with your SCP client.
root@linux:~# ssh-keygen -t rsa -b 2048 -f /tmp/fw-001
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /tmp/fw-001.
Your public key has been saved in /tmp/fw-001.pub.
Save the private key to the location on your computer where your SSH private keys are stored.
root@linux:~# mv /tmp/fw-001.pub /etc/
root@linux:~# mv /tmp/fw-001 /etc/fw-001.sec
Connect to the fortigate using SSH.
root@linux:~# ssh admin@x.x.x.x
config system admin
edit admin
set ssh-public-key1 "[paste content from /etc/fw-001.pub]"
end
And you are done! :)
To trigger the copy, run the following command from bash.
root@linux:~# scp -i /etc/fw-001.sec admin@x.x.x.x:sys_config /backup/fw-001.fg.bin
Using the Web-based manager:
Go to System > Admin > Settings.
Make sure SCP is enabled
Go to System > Network > Interface.
Select the Edit icon for the interface you use for administrative access.
In the Administrative Access section, select the SSH check box.
Click OK.
Create a public-private key pair using a key generator tool compatible with your SCP client.
root@linux:~# ssh-keygen -t rsa -b 2048 -f /tmp/fw-001
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /tmp/fw-001.
Your public key has been saved in /tmp/fw-001.pub.
Save the private key to the location on your computer where your SSH private keys are stored.
root@linux:~# mv /tmp/fw-001.pub /etc/
root@linux:~# mv /tmp/fw-001 /etc/fw-001.sec
Connect to the fortigate using SSH.
root@linux:~# ssh admin@x.x.x.x
config system admin
edit admin
set ssh-public-key1 "[paste content from /etc/fw-001.pub]"
end
And you are done! :)
To trigger the copy, run the following command from bash.
root@linux:~# scp -i /etc/fw-001.sec admin@x.x.x.x:sys_config /backup/fw-001.fg.bin
No comments:
Post a Comment