Automating Fortigate Backups

As you know, we can't schedule Fortigate backups. Instead, you can schedule a cron job to back up your Fortigate box and send the backup via FTP.

Requirements:
Any Linux server
FTP server (may be the same Linux machine)

First we need an expect script to send commands to the Fortigate box, then we will execute it via a sh script. I wish someone could port it to PowerShell :)

I assume that your Fortigate has VDOMs; otherwise you may need to change some of the config global commands you send via the script.

Step 1 – Now open an empty file with your favorite editor and fill in the necessary fields as below

#!/usr/bin/expect -f

# This file contains passwords: keep it readable only by its owner (chmod 700)

# First argument: your Fortigate name (used in the backup file name)
set FGTNAME [lindex $argv 0]
# Second argument: your FGT IP address. Be sure that you have administrative access to it
set FGTIP [lindex $argv 1]
set timeout 8000
# Enter your FTP server IP address (replace the placeholder)
set FTP_SERVER_IP "IP Address"
# Enter your FTP server username (replace the placeholder)
set FTP_USER_NAME "ftpusername"
# Enter your FTP server password (replace the placeholder)
set FTP_PASSWORD "ftppassword"
# This will be our date format while writing the backup file
set date [clock format [clock seconds] -format {%d-%m-%Y}]

# Change the username if you want
spawn ssh admin@$FGTIP

expect {
    "password:" {
        send "yourFGTpassword\r"
    }
    # Host key prompt on first connection; this pattern matches both the
    # "(yes/no)? " and the newer "(yes/no/[fingerprint])? " prompt
    "(yes/no" {
        send "yes\r"
        expect "password:" {
            send "yourFGTpassword\r"
        }
    }
}

expect "# "
send "config global\r"
expect "# "
send "execute backup full-config ftp /ftppath/$FGTNAME-$date.conf $FTP_SERVER_IP $FTP_USER_NAME $FTP_PASSWORD\r"
expect "# "
send "exit\r"

Step 2 – Now we can create a sh script that executes our expect script with arguments, so that it can be scheduled.
Edit it with your favorite editor.
#!/bin/bash
pathtoyourexpectscript yourfortigatename IPaddress

Example:
#!/bin/bash
/home/myexpectscript.ex Fortigate3600C 1.1.1.1

You may customize this script. For example, you can add new arguments for the username, password or FTP server, etc.

Now add this script to crontab :)
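
The expect script never checks whether the upload actually succeeded, so a cron job can fail without anyone noticing. The following is an added example (not part of the original post) of a check to run on the FTP server after the backup job; it assumes that BACKUP_DIR (a hypothetical path) is the local directory behind /ftppath and that the backup is unencrypted, so its first line starts with "#config-version=".

```shell
#!/bin/sh
# Added example, not part of the original post.
# Verifies that today's backup from the expect script reached the FTP server.
# Assumptions: BACKUP_DIR is the local directory behind /ftppath on the FTP
# server, and the backup is unencrypted, so its first line starts with
# "#config-version=".

BACKUP_DIR="${BACKUP_DIR:-/srv/ftp/ftppath}"   # hypothetical path

# Build the file name the same way the expect script does: NAME-dd-mm-YYYY.conf
backup_file_for() {
    printf '%s/%s-%s.conf\n' "$2" "$1" "$(date +%d-%m-%Y)"
}

# check_backup NAME [DIR]
# Returns 0 = looks valid, 1 = file missing, 2 = empty or not a config file.
check_backup() {
    name="$1"
    dir="${2:-$BACKUP_DIR}"
    file="$(backup_file_for "$name" "$dir")"

    if [ ! -f "$file" ]; then
        echo "MISSING: $file" >&2
        return 1
    fi
    # A failed or interrupted transfer can leave an empty or partial file.
    if [ ! -s "$file" ] || ! head -n 1 "$file" | grep -q '^#config-version='; then
        echo "INVALID: $file" >&2
        return 2
    fi
    # The config contains password hashes and keys: owner-only access.
    chmod 600 "$file"
    echo "OK: $file"
    return 0
}

# Usage: check_fgt_backup.sh Fortigate3600C [more names...]
# Exits non-zero if any device has no valid backup for today.
if [ "$#" -ge 1 ]; then
    status=0
    for fgt in "$@"; do
        check_backup "$fgt" || status=1
    done
    exit "$status"
fi
```

Schedule it in crontab a few minutes after the backup job; the non-zero exit status and the message on stderr can be picked up by cron mail or a monitoring system.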
