Fortinet white logo
Fortinet white logo

Administration Guide

System maintenance

System maintenance

The Maintenance menu contains features for use during scheduled maintenance: updates, backups, restoration, and centralized administration.

Note

The Maintenance menu also lets you install firmware using one of the possible methods. For information on this and other installation methods and preparation, see Installing firmware.

This section includes:

Backup and restore

Before installing FortiMail firmware or making significant configuration changes, back up your FortiMail configuration. Backups let you revert to your previous configuration if the new configuration does not function correctly. Backups let you compare changes in configuration.

A complete configuration backup consists of several parts:

  • core configuration file (fml.cfg), including the local certificates
  • Bayesian databases
  • mail queues
  • system, per-domain, and per-user block/safe list databases
  • email users’ address books
  • images and language files for customized appearance of the web UI and webmail

In addition, although they are not part of the configuration, you may want to back up the following data, which may not be retrievable after the configuration is reset:

  • email archives
  • log files (cannot be restored)
  • generated report files (cannot be restored)
  • mailboxes

Items which cannot be backed up include:

  • personal address books (separate from the global address book; these can only be backed up by each email user individually using the webmail interface)
  • quarantines (can be backed up by using a NAS server)
  • SSH keys for remote administrative access
  • greylist auto-exempt state
  • sender reputation state
  • automatic MSISDN reputation blocklist state

Note

Although mailboxes and quarantines cannot be downloaded to your management computer, you can configure the FortiMail unit to back up mail data by storing it externally, on a NAS server. For details, see Selecting the mail data storage location.

To back up the configuration file
  1. Go to System > Maintenance > Configuration.
  2. If you want to back up the configuration now, in the Backup Configuration area:
    • Enable System configuration, User configuration, or IBE data.
    • For user configuration and IBE data, click Update to get the latest configurations.
    • Click Backup.
    • If you want to encrypt the backup file, enable Encryption and enter the password. When you restore the encrypted backup file, you'll be prompted to enter the password.
  3. Your management computer downloads the configuration file. Time required varies by the size of the file and the speed of your network connection.

  4. If you want to set up scheduled backup, in the Scheduled Backup area:
  • Specify the schedule.
  • Enable Local Backup or Remote Backup or both.
  • For local backup, you can view the backup configuration files by backup types: All, Scheduled, or Automatic (automatic configuration backups are always done by the system before firmware upgrade or configuration restore.
  • For remote backup, specify the remote server information and login credentials.
  • Click Apply.
To back up, restore, reset, or repair the Bayesian databases
  1. Go to System > Maintenance > Database Maintenance.
  2. Click the relevant links.
  3. You must update the Bayesian database before you back it up.

To back up the mail queues
  1. Go to System > Maintenance > Mail Queue.
  2. Click Backup Queue.
  3. Your management computer downloads the database file. Time required varies by the size of the file and the speed of your network connection.

To back up the block/safe list database
  1. Go to System > Maintenance > Block/Safe List Maintenance.
  2. Click Export Block/Safe List.
  3. The database will be saved on your management computer as a .fml file. This database file contains the system-wide, per-domain and per-user block lists and safe lists.

To import the block/safe list database
  1. Go to System > Maintenance > Block/Safe List Maintenance.
  2. Click Import Block/Safe List.
  3. The file to be imported must be the .fml file that has been exported from FortiMail.

To back up email users’ accounts (server mode only)
  1. Go to Domain & User > User > User.
  2. Click Export .CSV.
  3. Your management computer downloads the user account spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up the global address book (server mode only)
  1. Go to Domain & User > Address Book > Contact.
  2. Click Export.
  3. On the pop-up menu, select CSV.
  4. You are prompted for a location to save the file. Follow the prompts and click Save.

    Your management computer downloads the address book spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up customized appearances of the web UI and webmail UI
  1. Go to System > Customization > Appearance.
  2. In Administration interface, for each image file, save the image to your management computer.
  3. Methods vary by web browser. For example, you might need to click and drag the images into a folder on your management computer in order to save them to that folder. For instructions, see your browser’s documentation.

  4. Click the arrow to expand Webmail interface.
  5. For each webmail language, click the name of the language to select it, then click Download.
  6. Your management computer downloads the language file. Time required varies by the size of the file and the speed of your network connection.

  7. To back up email archives go to System > Maintenance > Mail Data.
  8. Note

    In addition to downloading email archives to your management computer, you can configure the FortiMail unit to store email archives on an SFTP or FTP server. For details, see Managing archived email and Configuring email archiving accounts.

  9. Continue using the instructions in Configuring mailbox backups.
See also

Backing up your configuration using the CLI

Backing up and restoring the mailboxes

Backing up your configuration using the CLI

If you only want to back up the core configuration file, you can perform this backup using the CLI.

Caution

The core configuration file does not contain all configuration data. Failure to perform a complete backup could result in data loss of items such as Bayesian databases, dictionary databases, mail queues, and other items. For details on performing a complete backup, see Backup and restore.

To back up the configuration file using the CLI, enter the following command:

execute backup config tftp <filename_str> <tftp_ipv4>

where:

  • <filename_str> is the name of the file located in the TFTP server’s root directory
  • <tftp_ipv4> is the IP address of the TFTP server
See also

Backup and restore

Backing up and restoring the mailboxes

Backing up your configuration using a FortiManager unit

You can back up the core configuration file to a FortiManager unit instead of your management computer.

Note

For FortiMail v4.0, this feature is supported in FortiManager v4.2 and newer releases.

Before you can do this, you must first enable and configure centralized administration by a FortiManager unit. For details, see Configuring centralized administration.

Note

The core configuration file does not contain all configuration data. Failure to perform a complete backup could result in data loss of items such as Bayesian databases, dictionary databases, mail queues, and other items. For details on performing a complete backup, see Backup and restore.

To back up the configuration file to a FortiManager unit
  1. Go to System > Maintenance > Configuration.
  2. In the Backup Configuration area, select FortiManager.
  3. This option is available only if you have configured the FortiMail unit to connect to a FortiManager unit. For details, see Configuring centralized administration.

  4. Enable System configuration. If you want the configuration backup to include user preferences and IBE data, click Update to update the backup’s cache of user preferences and IBE data, then also enable User configuration and IBE data.
  5. Click Backup.
  6. When the backup completes, a confirmation message appears.

  7. Click OK.

Scheduling configuration backup

Instead of backing up your configuration manually (see the previous sections), you can also configure a schedule to back up the configuration automatically to the FortiMail local hard drive or a remote FTP/SFTP server.

To schedule the configuration backup
  1. Go to System > Maintenance > Configuration.
  2. Under Scheduled Backup, configure the schedule time and the maximum backup number. When the maximum number is reached, the oldest version will be overwritten.
  3. Enable Local backup if you want to back up locally.
  4. Enable Remote backup and configure the FTP/SFTP server credentials if you want to back up remotely.
  5. Click Apply.
See also

Backup and restore

Backing up your configuration using the CLI

Restoring the configuration

Caution

Only the super admin user can restore system configuration and the firmware.

In the Restore Configuration area under System > Maintenance > Configuration, you can restore the backup FortiMail configuration from your local PC. Note that if the backup file is encrypted, you'll be prompted to enter the password. For details, see Restoring the configuration.

Restoring the firmware

Caution

Only the super admin user can restore system configuration and the firmware.

In the Restore Firmware area under System > Maintenance > Configuration, you can install a FortiMail firmware from your local PC. For details, see Installing firmware.

Backing up and restoring the mailboxes

The System > Maintenance > Mail Data tab lets you back and restore all mail data, including system quarantine, email users’ personal quarantines, user preferences, archived email, and server mode webmail mailboxes. You can also monitor the status of any backup or restoration that is currently in progress.

Note

Mail data backup only works for local storage. If you have configured remote storage (see Selecting the mail data storage location), mail data cannot be backed up.

This section contains the following topics:

Viewing the mailbox backup/restoration status

Go to System > Maintenance > Mail Data to view the progress if you are backing up or restoring mail data.

If backup and restoration are enabled, the appearance of this tab varies by:

  • whether the FortiMail unit is currently backing up or restoring mailboxes
  • whether the FortiMail unit has previously backed up or restored any mailboxes
  • whether the previous backup or restoration attempt was successful
Backing up and restoring mailboxes from System > Maintenance > Mail Data

GUI item

Description

Automatically refresh interval

Select the interval in seconds to set how often the web UI automatically refreshes its display of this tab.

Refresh

(button)

Click to manually refresh the tab’s display.

Status

Indicates the current activity of mailbox data backup or restoration. If backup and restoration are currently disabled, the Status area of the Mail Data tab displays the message:

Backup/Restore is currently disabled.

To enable mailbox backups, see Configuring mailbox backups.

State

Displays he current mailbox backup or restoration status, one of:

  • IDLE: No backup or restoration is currently occurring. To begin a backup, at the bottom of the status section, click Click here to start a backup. To begin a restoration, in the Restore options section, click Restore.
  • BACKING UP: The FortiMail unit is currently creating a backup copy of the mailboxes to the backup media configured in Configuring mailbox backups.
  • RESTORING: The FortiMail unit is currently restoring a backup copy of the mailboxes from the backup media configured in Configuring mailbox backups.
  • STOPPING: You have cancelled a backup or restoration that was in progress, and the FortiMail unit is halting the backup or restoration process.
  • CHECKING: The FortiMail unit is currently checking the file system integrity of the backup media. This state occurs only if you have configured a block-level backup media (either a USB disk or iSCSI server) in Configuring mailbox backups.
  • FORMATTING: The FortiMail unit is currently formatting the file system of the backup media. This state occurs only if you have configured a block-level backup media (either a USB disk or iSCSI server) in Configuring mailbox backups.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the backup or restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups and configured the restoration item correctly in Restoring mailboxes from backups.

Note: If a backup or restoration has failed, you may need to reboot the FortiMail unit before you can try again.

Objects Copied (Total)

Indicates the number of files transferred to or from the backup media so far, and the total amount that will be transferred when the backup or restoration is complete.

Bytes Copied (Total)

Indicates the number of bytes of data transferred to or from the backup media so far, and the total amount that will be transferred when the backup or restoration is complete.

Percentage Complete

Indicates the percentage of bytes of data transferred to or from the backup media so far.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the backup or restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups and configured the restoration item correctly in Restoring mailboxes from backups.

Status

Indicates the step of the backup or restoration that is currently occurring, such as OK (stopping file systems).

Total number of errors is

Indicates the number of errors that occurred during the previous backup attempt. If any errors occurred, they may also be individually listed.

For example, if the backup media is an NFS server, and the NFS share could not be mounted, such as if the FortiMail unit could not contact the NFS server or did not have permissions to access the share, an error message similar to the following would appear:

failed to mount archive filesystem [protocol=nfs,host=192.168.1.10,port=2049,directory=/home/fortimail]

stopped, waiting for requested shutdown

watch dog stopped, killing backup process

This field appears only if the previous backup attempt was not successful.

Last Backup

Indicates the date and time of the previous backup attempt. If a backup has not yet occurred, this field displays the message, No backup has been run.

Last Restore

Indicates the date and time of the previous restoration attempt. If a restoration has not yet occurred, this field is empty.

Click here to start a backup

Click to manually initiate an immediate mailbox backup to the media configured in Configuring mailbox backups. Time required to complete a backup varies by the size of the backup and the speed of your network connection, and also by whether the backup is a full or incremental backup.

Alternatively, you can schedule the FortiMail unit to automatically back up the mailboxes. For details, see Configuring mailbox backups.

This link does not appear if a backup or restoration is currently in progress.

Click here to format backup device

If you use a USB device for backup, use this link to format the device for use with FortiMail.

Click here to check file system on backup device

If you use a USB device for backup, use this link to determine if the device is compatible for use with FortiMail.

Click here to stop the current backup

Click to cancel a backup that is currently in progress.

Time required to cancel the backup varies by the backup media, but may be up to 30 seconds.

This link appears only if a backup is currently in progress.

Click here to stop the current restore

Click to cancel a restore that is currently in progress.

Time required to cancel the restore varies by the restore media, but may be up to 30 seconds.

This link appears only if a restore is currently in progress.

See also

Viewing the mailbox backup/restoration status

Configuring mailbox backups

Restoring mailboxes from backups

Configuring mailbox backups

Use the Backup Options area of the Mail Data tab to configure which backup media to use when you back up or restore email users’ mailboxes. You can also configure the schedule the FortiMail unit uses to automatically perform backups.

Note

You can only back up mail data when you store the data locally on the FortiMail hard disk. If you store the mail data on a NAS device, you cannot back up the data. For information about selecting a storage device, see Selecting the mail data storage location.

While a backup or restoration is occurring, you cannot change the configuration of this area, and this area will display the message:

Backup/Restore is busy, no configuration changes can be made.

However, you can view the status of the backup or restoration to determine if there are any errors. You can also manually initiate an immediate backup if the backup media was unavailable at the time of a previously scheduled backup. For details, see Backing up and restoring the mailboxes.

Before you can manually initiate a backup, or in order to configure automatic scheduled backups, you must first enable backups and configure the backup media.

To configure backups
  1. Go to System > Maintenance > Mail Data.
  2. Configure the following in the Backup Options section:

GUI item

Description

Enable

Mark this check box, configure all other options in this area, then click Apply to enable backups and restoration of email users’ mailboxes.

Copies of full backups

Enter a number of full backups to keep on the backup device.

Schedule [full}

Schedule [incremental]

The Schedule options are disabled if Protocol is External USB (auto detect).

Full backup will back up the entire mail data, while incremental backup will back up the newer data since the previous backup.

To minimize performance impacts, consider scheduling backups during a time of the day and day of the week when email traffic volume is typically low, such as at night on the weekend.

If the backup media is not available when the backup is scheduled to occur, the FortiMail unit will re-attempt the backup at the next scheduled time.

Regardless of whether or not scheduled backups are enabled, you can manually initiate backups. For details, see Backing up and restoring the mailboxes.

Device

Protocol

Select one of the following types of backup media:

  • NFS: A network file system (NFS) server.
  • SMB/Windows Server: A Windows-style file share.
  • SSH File System: A server that supports secure shell (SSH) connections.
  • External USB Device: An external hard drive connected to the FortiMail unit’s USB port.
  • External USB Device (auto detect): An external disk connected to the FortiMail unit’s USB port. Unlike the previous option, this option only creates a backup when you connect the USB disk, or when you manually initiate a backup using Backing up and restoring the mailboxes, rather than according to a schedule.
  • ISCSI Server: An Internet SCSI (Small Computer System Interface), also called iSCSI server.

The availability of the following options varies with the device chosen.

Username

Enter the user name of the FortiMail unit’s account on the backup server.

Domain

If you choose SMB/Windows Server as the backup media AND if the account name has a domain part, you must enter the domain name as well.

Password

Enter the password of the FortiMail unit’s account on the backup server.

Hostname/IP address

Enter the IP address or fully qualified domain name (FQDN) of the NFS, Windows, SSH, or iSCSI server.

Port

Enter the TCP port number on which the backup server listens for connections.

Directory

Enter the path of the folder on the backup server where the FortiMail unit will store the mailbox backups, such as:

/home/fortimail/mailboxbackups

Note: Do not use special characters such as a tilde ( ~ ). Special characters will cause the backup to fail.

Share

Enter the path of the folder on the backup server where the FortiMail unit will store the mailbox backups, such as:

FortiMailMailboxBackups

Note: Do NOT type / before the path name.

Encryption key

Enter the key that will be used to encrypt data stored on the backup media. Valid key lengths are between 6 and 64 single-byte characters.

ISCSI ID

Enter the iSCSI identifier in the format expected by the iSCSI server, such as an iSCSI Qualified Name (IQN), Extended Unique Identifier (EUI), or T11 Network Address Authority (NAA).

See also

Viewing the mailbox backup/restoration status

Backing up and restoring the mailboxes

Restoring mailboxes from backups

Restoring mailboxes from backups

The Restore Options area of the Mail Data tab lets you selectively restore email users’ mailboxes from mailbox backups.

If a backup or restoration is currently in progress, this area will display the message:

Backup/Restore is busy, no restore can be started till it finishes.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups.

To configure restoration
  1. Go to System > Maintenance > Mail Data.
  2. Configure the following in the Restore Options section:
  3. GUI item

    Description

    Created by this device

    Select to restore mailboxes from backups identified by the current fully qualified domain name (FQDN) of this FortiMail unit.

    If you changed the host name and/or local domain name of the FortiMail unit, the backup files are still identified by the previous FQDN. In this case, do not select this option. Instead, use the Created by option.

    Created by

    Select to restore mailboxes from backups identified by another FQDN or the FQDN of another FortiMail unit. Usually, you should enter an FQDN of this FortiMail unit, but you may enter only the host name if the local domain name is not configured, or enter the FQDN of another FortiMail unit if you want to import that FortiMail unit’s mailbox backup.

    For example, assume you are upgrading to a FortiMail-2000 from a FortiMail-400 and have used a USB disk to store a backup of the mailboxes of the FortiMail‑400, whose FQDN was fortimail.example.com. Configure the FortiMail-2000 to also use the USB disk as backup media. Then import the FortiMail-400’s mailbox backup to the FortiMail-2000 by entering fortimail.example.com in this field for the FortiMail-2000.

    For this domain

    Mark this check box if you want to restore only the mailboxes of a specific protected domain, then select the name of the protected domain from the drop-down list.

    If you want to restore only the mailbox of a specific email user within this protected domain, also configure For this user.

    For this user

    Mark this check box if you want to restore only the mailbox of a specific email user, then enter the name of the email user account, such as user1.

    This option is available only if For this domain is enabled.

    Restore(button)

    Click to restore mailboxes from the most recent full or incremental backup stored on the backup media configured on Configuring mailbox backups.

    Time required to complete a restoration varies by the size of the backup and the speed of your network connection, and also by whether the backup was a full or incremental backup.

    Note: To restore from a specific full and incremental version of backup, you can use the CLI command “execute backup-restore old-restore <full_int> <increments_int> domain <domain_str> user <user_str>”.

    Caution: Back up mailboxes before selecting this button. Restoring mailboxes overwrites all mailboxes that currently exist.

  4. To manually initiate restoration of mail data, click Restore.

Downloading a trace file

If Fortinet Technical Support requests a trace log for system analysis purposes, you can download one using the web UI.

Trace logs are compressed into an archive (.gz), and contain information that is supplementary to debug-level log files.

To download a trace file
  1. Go to System > Maintenance > Configuration.
  2. At the bottom of the tab, click Download trace log.

System maintenance

System maintenance

The Maintenance menu contains features for use during scheduled maintenance: updates, backups, restoration, and centralized administration.

Note

The Maintenance menu also lets you install firmware using one of the possible methods. For information on this and other installation methods and preparation, see Installing firmware.

This section includes:

Backup and restore

Before installing FortiMail firmware or making significant configuration changes, back up your FortiMail configuration. Backups let you revert to your previous configuration if the new configuration does not function correctly. Backups let you compare changes in configuration.

A complete configuration backup consists of several parts:

  • core configuration file (fml.cfg), including the local certificates
  • Bayesian databases
  • mail queues
  • system, per-domain, and per-user block/safe list databases
  • email users’ address books
  • images and language files for customized appearance of the web UI and webmail

In addition, although they are not part of the configuration, you may want to back up the following data, which may not be retrievable after the configuration is reset:

  • email archives
  • log files (cannot be restored)
  • generated report files (cannot be restored)
  • mailboxes

Items which cannot be backed up include:

  • personal address books (separate from the global address book; these can only be backed up by each email user individually using the webmail interface)
  • quarantines (can be backed up by using a NAS server)
  • SSH keys for remote administrative access
  • greylist auto-exempt state
  • sender reputation state
  • automatic MSISDN reputation blocklist state

Note

Although mailboxes and quarantines cannot be downloaded to your management computer, you can configure the FortiMail unit to back up mail data by storing it externally, on a NAS server. For details, see Selecting the mail data storage location.

To back up the configuration file
  1. Go to System > Maintenance > Configuration.
  2. If you want to back up the configuration now, in the Backup Configuration area:
    • Enable System configuration, User configuration, or IBE data.
    • For user configuration and IBE data, click Update to get the latest configurations.
    • Click Backup.
    • If you want to encrypt the backup file, enable Encryption and enter the password. When you restore the encrypted backup file, you'll be prompted to enter the password.
  3. Your management computer downloads the configuration file. Time required varies by the size of the file and the speed of your network connection.

  4. If you want to set up scheduled backup, in the Scheduled Backup area:
  • Specify the schedule.
  • Enable Local Backup or Remote Backup or both.
  • For local backup, you can view the backup configuration files by backup types: All, Scheduled, or Automatic (automatic configuration backups are always done by the system before firmware upgrade or configuration restore.
  • For remote backup, specify the remote server information and login credentials.
  • Click Apply.
To back up, restore, reset, or repair the Bayesian databases
  1. Go to System > Maintenance > Database Maintenance.
  2. Click the relevant links.
  3. You must update the Bayesian database before you back it up.

To back up the mail queues
  1. Go to System > Maintenance > Mail Queue.
  2. Click Backup Queue.
  3. Your management computer downloads the database file. Time required varies by the size of the file and the speed of your network connection.

To back up the block/safe list database
  1. Go to System > Maintenance > Block/Safe List Maintenance.
  2. Click Export Block/Safe List.
  3. The database will be saved on your management computer as a .fml file. This database file contains the system-wide, per-domain and per-user block lists and safe lists.

To import the block/safe list database
  1. Go to System > Maintenance > Block/Safe List Maintenance.
  2. Click Import Block/Safe List.
  3. The file to be imported must be the .fml file that has been exported from FortiMail.

To back up email users’ accounts (server mode only)
  1. Go to Domain & User > User > User.
  2. Click Export .CSV.
  3. Your management computer downloads the user account spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up the global address book (server mode only)
  1. Go to Domain & User > Address Book > Contact.
  2. Click Export.
  3. On the pop-up menu, select CSV.
  4. You are prompted for a location to save the file. Follow the prompts and click Save.

    Your management computer downloads the address book spreadsheet file. Time required varies by the size of the file and the speed of your network connection.

To back up customized appearances of the web UI and webmail UI
  1. Go to System > Customization > Appearance.
  2. In Administration interface, for each image file, save the image to your management computer.
  3. Methods vary by web browser. For example, you might need to click and drag the images into a folder on your management computer in order to save them to that folder. For instructions, see your browser’s documentation.

  4. Click the arrow to expand Webmail interface.
  5. For each webmail language, click the name of the language to select it, then click Download.
  6. Your management computer downloads the language file. Time required varies by the size of the file and the speed of your network connection.

  7. To back up email archives go to System > Maintenance > Mail Data.
  8. Note

    In addition to downloading email archives to your management computer, you can configure the FortiMail unit to store email archives on an SFTP or FTP server. For details, see Managing archived email and Configuring email archiving accounts.

  9. Continue using the instructions in Configuring mailbox backups.
See also

Backing up your configuration using the CLI

Backing up and restoring the mailboxes

Backing up your configuration using the CLI

If you only want to back up the core configuration file, you can perform this backup using the CLI.

Caution

The core configuration file does not contain all configuration data. Failure to perform a complete backup could result in data loss of items such as Bayesian databases, dictionary databases, mail queues, and other items. For details on performing a complete backup, see Backup and restore.

To back up the configuration file using the CLI, enter the following command:

execute backup config tftp <filename_str> <tftp_ipv4>

where:

  • <filename_str> is the name of the file located in the TFTP server’s root directory
  • <tftp_ipv4> is the IP address of the TFTP server
See also

Backup and restore

Backing up and restoring the mailboxes

Backing up your configuration using a FortiManager unit

You can back up the core configuration file to a FortiManager unit instead of your management computer.

Note

For FortiMail v4.0, this feature is supported in FortiManager v4.2 and newer releases.

Before you can do this, you must first enable and configure centralized administration by a FortiManager unit. For details, see Configuring centralized administration.

Note

The core configuration file does not contain all configuration data. Failure to perform a complete backup could result in data loss of items such as Bayesian databases, dictionary databases, mail queues, and other items. For details on performing a complete backup, see Backup and restore.

To back up the configuration file to a FortiManager unit
  1. Go to System > Maintenance > Configuration.
  2. In the Backup Configuration area, select FortiManager.
  3. This option is available only if you have configured the FortiMail unit to connect to a FortiManager unit. For details, see Configuring centralized administration.

  4. Enable System configuration. If you want the configuration backup to include user preferences and IBE data, click Update to update the backup’s cache of user preferences and IBE data, then also enable User configuration and IBE data.
  5. Click Backup.
  6. When the backup completes, a confirmation message appears.

  7. Click OK.

Scheduling configuration backup

Instead of backing up your configuration manually (see the previous sections), you can also configure a schedule to back up the configuration automatically to the FortiMail local hard drive or a remote FTP/SFTP server.

To schedule the configuration backup
  1. Go to System > Maintenance > Configuration.
  2. Under Scheduled Backup, configure the schedule time and the maximum backup number. When the maximum number is reached, the oldest version will be overwritten.
  3. Enable Local backup if you want to back up locally.
  4. Enable Remote backup and configure the FTP/SFTP server credentials if you want to back up remotely.
  5. Click Apply.
See also

Backup and restore

Backing up your configuration using the CLI

Restoring the configuration

Caution

Only the super admin user can restore system configuration and the firmware.

In the Restore Configuration area under System > Maintenance > Configuration, you can restore the backup FortiMail configuration from your local PC. Note that if the backup file is encrypted, you'll be prompted to enter the password. For details, see Restoring the configuration.

Restoring the firmware

Caution

Only the super admin user can restore system configuration and the firmware.

In the Restore Firmware area under System > Maintenance > Configuration, you can install a FortiMail firmware from your local PC. For details, see Installing firmware.

Backing up and restoring the mailboxes

The System > Maintenance > Mail Data tab lets you back and restore all mail data, including system quarantine, email users’ personal quarantines, user preferences, archived email, and server mode webmail mailboxes. You can also monitor the status of any backup or restoration that is currently in progress.

Note

Mail data backup only works for local storage. If you have configured remote storage (see Selecting the mail data storage location), mail data cannot be backed up.

This section contains the following topics:

Viewing the mailbox backup/restoration status

Go to System > Maintenance > Mail Data to view the progress if you are backing up or restoring mail data.

If backup and restoration are enabled, the appearance of this tab varies by:

  • whether the FortiMail unit is currently backing up or restoring mailboxes
  • whether the FortiMail unit has previously backed up or restored any mailboxes
  • whether the previous backup or restoration attempt was successful
Backing up and restoring mailboxes from System > Maintenance > Mail Data

GUI item

Description

Automatically refresh interval

Select the interval in seconds to set how often the web UI automatically refreshes its display of this tab.

Refresh

(button)

Click to manually refresh the tab’s display.

Status

Indicates the current activity of mailbox data backup or restoration. If backup and restoration are currently disabled, the Status area of the Mail Data tab displays the message:

Backup/Restore is currently disabled.

To enable mailbox backups, see Configuring mailbox backups.

State

Displays he current mailbox backup or restoration status, one of:

  • IDLE: No backup or restoration is currently occurring. To begin a backup, at the bottom of the status section, click Click here to start a backup. To begin a restoration, in the Restore options section, click Restore.
  • BACKING UP: The FortiMail unit is currently creating a backup copy of the mailboxes to the backup media configured in Configuring mailbox backups.
  • RESTORING: The FortiMail unit is currently restoring a backup copy of the mailboxes from the backup media configured in Configuring mailbox backups.
  • STOPPING: You have cancelled a backup or restoration that was in progress, and the FortiMail unit is halting the backup or restoration process.
  • CHECKING: The FortiMail unit is currently checking the file system integrity of the backup media. This state occurs only if you have configured a block-level backup media (either a USB disk or iSCSI server) in Configuring mailbox backups.
  • FORMATTING: The FortiMail unit is currently formatting the file system of the backup media. This state occurs only if you have configured a block-level backup media (either a USB disk or iSCSI server) in Configuring mailbox backups.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the backup or restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups and configured the restoration item correctly in Restoring mailboxes from backups.

Note: If a backup or restoration has failed, you may need to reboot the FortiMail unit before you can try again.

Objects Copied (Total)

Indicates the number of files transferred to or from the backup media so far, and the total amount that will be transferred when the backup or restoration is complete.

Bytes Copied (Total)

Indicates the number of bytes of data transferred to or from the backup media so far, and the total amount that will be transferred when the backup or restoration is complete.

Percentage Complete

Indicates the percentage of bytes of data transferred to or from the backup media so far.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the backup or restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups and configured the restoration item correctly in Restoring mailboxes from backups.

Status

Indicates the step of the backup or restoration that is currently occurring, such as OK (stopping file systems).

Total number of errors is

Indicates the number of errors that occurred during the previous backup attempt. If any errors occurred, they may also be individually listed.

For example, if the backup media is an NFS server, and the NFS share could not be mounted, such as if the FortiMail unit could not contact the NFS server or did not have permissions to access the share, an error message similar to the following would appear:

failed to mount archive filesystem [protocol=nfs,host=192.168.1.10,port=2049,directory=/home/fortimail]

stopped, waiting for requested shutdown

watch dog stopped, killing backup process

This field appears only if the previous backup attempt was not successful.

Last Backup

Indicates the date and time of the previous backup attempt. If a backup has not yet occurred, this field displays the message, No backup has been run.

Last Restore

Indicates the date and time of the previous restoration attempt. If a restoration has not yet occurred, this field is empty.

Click here to start a backup

Click to manually initiate an immediate mailbox backup to the media configured in Configuring mailbox backups. Time required to complete a backup varies by the size of the backup and the speed of your network connection, and also by whether the backup is a full or incremental backup.

Alternatively, you can schedule the FortiMail unit to automatically back up the mailboxes. For details, see Configuring mailbox backups.

This link does not appear if a backup or restoration is currently in progress.

Click here to format backup device

If you use a USB device for backup, use this link to format the device for use with FortiMail.

Click here to check file system on backup device

If you use a USB device for backup, use this link to determine if the device is compatible for use with FortiMail.

Click here to stop the current backup

Click to cancel a backup that is currently in progress.

Time required to cancel the backup varies by the backup media, but may be up to 30 seconds.

This link appears only if a backup is currently in progress.

Click here to stop the current restore

Click to cancel a restore that is currently in progress.

Time required to cancel the restore varies by the restore media, but may be up to 30 seconds.

This link appears only if a restore is currently in progress.

See also

Viewing the mailbox backup/restoration status

Configuring mailbox backups

Restoring mailboxes from backups

Configuring mailbox backups

Use the Backup Options area of the Mail Data tab to configure which backup media to use when you back up or restore email users’ mailboxes. You can also configure the schedule the FortiMail unit uses to automatically perform backups.

Note

You can only back up mail data when you store the data locally on the FortiMail hard disk. If you store the mail data on a NAS device, you cannot back up the data. For information about selecting a storage device, see Selecting the mail data storage location.

While a backup or restoration is occurring, you cannot change the configuration of this area, and this area will display the message:

Backup/Restore is busy, no configuration changes can be made.

However, you can view the status of the backup or restoration to determine if there are any errors. You can also manually initiate an immediate backup if the backup media was unavailable at the time of a previously scheduled backup. For details, see Backing up and restoring the mailboxes.

Before you can manually initiate a backup, or in order to configure automatic scheduled backups, you must first enable backups and configure the backup media.

To configure backups
  1. Go to System > Maintenance > Mail Data.
  2. Configure the following in the Backup Options section:

GUI item

Description

Enable

Mark this check box, configure all other options in this area, then click Apply to enable backups and restoration of email users’ mailboxes.

Copies of full backups

Enter a number of full backups to keep on the backup device.

Schedule [full}

Schedule [incremental]

The Schedule options are disabled if Protocol is External USB (auto detect).

Full backup will back up the entire mail data, while incremental backup will back up the newer data since the previous backup.

To minimize performance impacts, consider scheduling backups during a time of the day and day of the week when email traffic volume is typically low, such as at night on the weekend.

If the backup media is not available when the backup is scheduled to occur, the FortiMail unit will re-attempt the backup at the next scheduled time.

Regardless of whether or not scheduled backups are enabled, you can manually initiate backups. For details, see Backing up and restoring the mailboxes.

Device

Protocol

Select one of the following types of backup media:

  • NFS: A network file system (NFS) server.
  • SMB/Windows Server: A Windows-style file share.
  • SSH File System: A server that supports secure shell (SSH) connections.
  • External USB Device: An external hard drive connected to the FortiMail unit’s USB port.
  • External USB Device (auto detect): An external disk connected to the FortiMail unit’s USB port. Unlike the previous option, this option only creates a backup when you connect the USB disk, or when you manually initiate a backup using Backing up and restoring the mailboxes, rather than according to a schedule.
  • ISCSI Server: An Internet SCSI (Small Computer System Interface), also called iSCSI server.

The availability of the following options varies with the device chosen.

Username

Enter the user name of the FortiMail unit’s account on the backup server.

Domain

If you choose SMB/Windows Server as the backup media AND if the account name has a domain part, you must enter the domain name as well.

Password

Enter the password of the FortiMail unit’s account on the backup server.

Hostname/IP address

Enter the IP address or fully qualified domain name (FQDN) of the NFS, Windows, SSH, or iSCSI server.

Port

Enter the TCP port number on which the backup server listens for connections.

Directory

Enter the path of the folder on the backup server where the FortiMail unit will store the mailbox backups, such as:

/home/fortimail/mailboxbackups

Note: Do not use special characters such as a tilde ( ~ ). Special characters will cause the backup to fail.

Share

Enter the path of the folder on the backup server where the FortiMail unit will store the mailbox backups, such as:

FortiMailMailboxBackups

Note: Do NOT type / before the path name.

Encryption key

Enter the key that will be used to encrypt data stored on the backup media. Valid key lengths are between 6 and 64 single-byte characters.

ISCSI ID

Enter the iSCSI identifier in the format expected by the iSCSI server, such as an iSCSI Qualified Name (IQN), Extended Unique Identifier (EUI), or T11 Network Address Authority (NAA).

See also

Viewing the mailbox backup/restoration status

Backing up and restoring the mailboxes

Restoring mailboxes from backups

Restoring mailboxes from backups

The Restore Options area of the Mail Data tab lets you selectively restore email users’ mailboxes from mailbox backups.

If a backup or restoration is currently in progress, this area will display the message:

Backup/Restore is busy, no restore can be started till it finishes.

If after some time the progress remains at 0%, or eventually silently reverts to an IDLE state without the restoration having finished, the operation has failed. Verify connectivity with the backup media (this is especially true with NFS, SSH, and iSCSI backup methods, where network connectivity issues can cause the FortiMail’s attempt to mount the backup file system to fail). Also verify that you have configured the backup media correctly in Configuring mailbox backups.

To configure restoration
  1. Go to System > Maintenance > Mail Data.
  2. Configure the following in the Restore Options section:
  3. GUI item

    Description

    Created by this device

    Select to restore mailboxes from backups identified by the current fully qualified domain name (FQDN) of this FortiMail unit.

    If you changed the host name and/or local domain name of the FortiMail unit, the backup files are still identified by the previous FQDN. In this case, do not select this option. Instead, use the Created by option.

    Created by

    Select to restore mailboxes from backups identified by another FQDN or the FQDN of another FortiMail unit. Usually, you should enter an FQDN of this FortiMail unit, but you may enter only the host name if the local domain name is not configured, or enter the FQDN of another FortiMail unit if you want to import that FortiMail unit’s mailbox backup.

    For example, assume you are upgrading to a FortiMail-2000 from a FortiMail-400 and have used a USB disk to store a backup of the mailboxes of the FortiMail‑400, whose FQDN was fortimail.example.com. Configure the FortiMail-2000 to also use the USB disk as backup media. Then import the FortiMail-400’s mailbox backup to the FortiMail-2000 by entering fortimail.example.com in this field for the FortiMail-2000.

    For this domain

    Mark this check box if you want to restore only the mailboxes of a specific protected domain, then select the name of the protected domain from the drop-down list.

    If you want to restore only the mailbox of a specific email user within this protected domain, also configure For this user.

    For this user

    Mark this check box if you want to restore only the mailbox of a specific email user, then enter the name of the email user account, such as user1.

    This option is available only if For this domain is enabled.

    Restore(button)

    Click to restore mailboxes from the most recent full or incremental backup stored on the backup media configured on Configuring mailbox backups.

    Time required to complete a restoration varies by the size of the backup and the speed of your network connection, and also by whether the backup was a full or incremental backup.

    Note: To restore from a specific full and incremental version of backup, you can use the CLI command “execute backup-restore old-restore <full_int> <increments_int> domain <domain_str> user <user_str>”.

    Caution: Back up mailboxes before selecting this button. Restoring mailboxes overwrites all mailboxes that currently exist.

  4. To manually initiate restoration of mail data, click Restore.

Downloading a trace file

If Fortinet Technical Support requests a trace log for system analysis purposes, you can download one using the web UI.

Trace logs are compressed into an archive (.gz), and contain information that is supplementary to debug-level log files.

To download a trace file
  1. Go to System > Maintenance > Configuration.
  2. At the bottom of the tab, click Download trace log.