Fortinet white logo
Fortinet white logo

Backing up configuration files and databases

Backing up configuration files and databases

Back up the FortiAnalyzer configuration file and databases.

It is recommended that you create a system backup file and save this configuration to your local computer. The device configuration file is saved with a .dat extension.

It is also recommended that you verify the integrity of your backup file.

When the database is larger than 2.8 GB, back up the configuration file to an FTP, SFTP, or SCP server using the following CLI command:

execute backup all-settings {ftp | sftp} <ip> <path/filename of server> <username on server> <password> <crptpasswd>

execute backup all-settings scp <ip> <path/filename of server> <SSH certificate> <crptpasswd>

For more information, see the FortiAnalyzer CLI Reference.

To back up your system configuration:
  1. Go to System Settings > Dashboard.
  2. In the System Information widget, locate System Configuration and click Backup. The Backup System dialog opens.
  3. Enter and confirm the password you want to use for encryption. The password can be a maximum of 63 characters.
  4. Click OK and save the backup file on your local computer.
To verify the integrity of a backup file:
  1. Back up your system configuration and save the backup file on your local computer.
  2. Go to System Settings > Event Log.
  3. Locate the system event that was logged as a result of the backup operation from the Event Log table. You may use the Add Filter button from the toolbar above to simplify locating the logged event entry.
  4. In the Changes column for the event log, note the MD5 checksum.

If the checksums match, then the backup process was successful.

Tooltip

Before restoring a configuration with private data encryption enabled, you must first enable this setting on the FortiAnalyzer where the restore is to be performed.

Private data encryption can be enabled in the CLI using command set private-data-encryption enable.

If private data encryption is not enabled, local certificates may not be restored which will prevent remote users from being able to successfully log in.

Backing up configuration files and databases

Backing up configuration files and databases

Back up the FortiAnalyzer configuration file and databases.

It is recommended that you create a system backup file and save this configuration to your local computer. The device configuration file is saved with a .dat extension.

It is also recommended that you verify the integrity of your backup file.

When the database is larger than 2.8 GB, back up the configuration file to an FTP, SFTP, or SCP server using the following CLI command:

execute backup all-settings {ftp | sftp} <ip> <path/filename of server> <username on server> <password> <crptpasswd>

execute backup all-settings scp <ip> <path/filename of server> <SSH certificate> <crptpasswd>

For more information, see the FortiAnalyzer CLI Reference.

To back up your system configuration:
  1. Go to System Settings > Dashboard.
  2. In the System Information widget, locate System Configuration and click Backup. The Backup System dialog opens.
  3. Enter and confirm the password you want to use for encryption. The password can be a maximum of 63 characters.
  4. Click OK and save the backup file on your local computer.
To verify the integrity of a backup file:
  1. Back up your system configuration and save the backup file on your local computer.
  2. Go to System Settings > Event Log.
  3. Locate the system event that was logged as a result of the backup operation from the Event Log table. You may use the Add Filter button from the toolbar above to simplify locating the logged event entry.
  4. In the Changes column for the event log, note the MD5 checksum.

If the checksums match, then the backup process was successful.

Tooltip

Before restoring a configuration with private data encryption enabled, you must first enable this setting on the FortiAnalyzer where the restore is to be performed.

Private data encryption can be enabled in the CLI using command set private-data-encryption enable.

If private data encryption is not enabled, local certificates may not be restored which will prevent remote users from being able to successfully log in.