Fortinet white logo
Fortinet white logo

Administration Guide

Remote backup configuration

Remote backup configuration

Backups of the database and other files occur automatically when the Backup Database and Purge Events scheduled tasks run. The backup files are stored on the local appliance.

The Administrator can additionally configure FortiNAC to place a copy of the database and other directories on an ftp and/or other remote server for safekeeping. The backup files are placed in time and date stamped files named DataBase_BackUp_YYYY-MM_DD_HH_mm_SS.gz.

Backup directory files

Appliance

Directories Included in Backup File

FortiNAC Server

/etc

/home/cm

/root

/var/spool/cron

/bsc/Registration

/bsc/Remediation

/bsc/Hub

/bsc/Authentication

/bsc/DeadEnd

/bsc/CommonJspFiles

/bsc/VPN

/bsc/WWW

/bsc/WEB-INF

/home/admin

/bsc/clientValidation

/bsc/siteConfiguration

/bsc/services

/bsc/campusMgr/master_loader/telnetMibs

/bsc/campusMgr/master_loader/customTraps

FortiNAC Control Server

/etc

/root

/home/cm

/home/admin

/var/spool/cron

/bsc/clientValidation

/bsc/siteConfiguration

/bsc/services

/bsc/campusMgr/master_loader/telnetMibs

/bsc/campusMgr/master_loader/customTraps

FortiNAC Application Server

/etc

/home/cm

/root

/home/admin

/var/spool/cron

/bsc/Registration

/bsc/Remediation

/bsc/Hub

/bsc/Authentication

/bsc/DeadEnd

/bsc/CommonJspFiles

/bsc/VPN

/bsc/www

/bsc/siteConfiguration

/bsc/services

/bsc/WEB-INF

Note

When configuring the backup for a FortiNAC Application Server and FortiNAC Control Server pair, the remote back up is only configured on the FortiNAC Control Servere. The backup files from both servers will be placed in the directory specified. The host name of the appliance will be prefixed to the backup filename.

Configure the backup destination

Remote Backup Configuration defines the connection details used to copy files to a third party (remote) server when the Database Backup task is run in Scheduler. Transferring the backup files can be done using FTP and/or SSH protocols.

Remote server configuration using FTP
  1. Create an account on the remote FTP server to be used by FortiNAC for backup file transfer.
  2. Create a folder to which FortiNAC will copy the files.

For instructions on completing the above tasks, consult documentation specific to the FTP application used.

Remote server configuration using SSH

SSH communication must be established between the FortiNAC Control Server or FortiNAC Server and the remote backup server for the SSH remote backups to be successful. Ensure that the public key for the root user on the host being backed up has been appended to the authorized_keys file in the <root home dir>/.ssh directory of the remote server. In the case of high availability, the SSH keys for both the primary and secondary must be appended to the authorized_keys file.

Copy the SSH key to the remote server account (Linux)
  1. Access the CLI on the FortiNAC Control Server as root.
  2. Navigate to the .ssh directory. Type: cd /root/.ssh.
  3. Display and copy the key. Type: cat id_rsa.pub.
  4. Access the remote server where the backups will be stored as root.
  1. If the .ssh directory does not exist, create it. Type: mkdir /home/backup_username/.ssh.
  2. Change the permissions. Type: chmod 700 /home/backup_username/.ssh.
  3. Navigate to the .ssh directory, and then paste (append) the key you copied from the FortiNAC to the authorized_keys file. Type:

    cd /home/backup_username/.ssh

    vi authorized_keys

    Note

    The format of authorized_keys file is one entry per line.

  4. Make sure the key you paste is identical to the key on the FortiNAC and does not include extra white space or characters.
Copy the SSH key to the remote server account (third party)
  1. Access the CLI on the FortiNAC Control Server as root.
  2. Navigate to the .ssh directory. Type: cd /root/.ssh.
  3. Display and copy the key. Type: cat id_rsa.pub.
  4. Associate the public key to the remote server where the backups will be stored.

    Note

    This process will vary depending on the product. Refer to the SSH server product documentation for instructions.

Configure the remote backup target
  1. Click System > Settings.
  2. Expand the System Management folder.
  3. Select Remote Backup Configuration from the tree.
  4. Use the table below to complete these steps.
  5. In the Backup Timeout field enter the number of minutes for the backup to be created and copied to the remote server.
  6. Select Enable FTP Remote Backup and/or Enable SSH Remote Backup to enable the remote backup to that server(s).
  7. Enter the connection information for the backup server(s).
  8. Click Test SSH Connection to validate the SSH server and SSH remote path settings.
  9. Click Save Settings.
Settings

Field

Definition

Backup Timeout

Number of minutes for the backup to be created and copied to the remote server. If this time elapses before the backup is done, the process is interrupted. Be sure to select a time that is long enough for your system to complete its backup. The default is 20 minutes, however, large systems may require more time.

Enable FTP Remote Backup

Remote backups to this server are enabled when this is checked.

Default = Unchecked

Display Public SSH Keys

Click to view the public SSH key from the FortiNAC Primary and Secondary Control Servers.

Server

IP address of the remote server.

User Name

User Name required for write access to the server.

Password

Password required for write access to the server.

Remote Path

The directory path where the remote backup files will be placed. This directory must exist on the server.

EnableSSH Remote Backup

Remote backups to this server are enabled when this is checked. The SSH keys must already be established for the SSH remote backups to be successful.

Default = Unchecked

Server

The IP address of the remote server. Format is user@remote-server, such as asmith@192.168.1.1 .

Remote Path

The directory path where the remote backup files will be placed. This directory must exist on the server.

Test SSH Connection

Test the connection to the server using the SSH Server and SSH Remote Path settings to confirm the settings are valid.

If the test fails, it means the Remote Backup task will not back up the files to the specified remote server.

Validate the connection and backup task
FTP
  1. Navigate to System > Scheduler.
  2. Add the Database Backup task (if not already present).
  3. Highlight the Database Backup task and click Run Now.
SSH
  1. Click Test SSH Connection to verify SSH communication with the remote server.
  2. Once successfully tested, navigate to System > Scheduler.
  3. Add the Database Backup task (if not already present).
  4. Highlight the Database Backup task and click Run Now.

Remote backup configuration

Remote backup configuration

Backups of the database and other files occur automatically when the Backup Database and Purge Events scheduled tasks run. The backup files are stored on the local appliance.

The Administrator can additionally configure FortiNAC to place a copy of the database and other directories on an ftp and/or other remote server for safekeeping. The backup files are placed in time and date stamped files named DataBase_BackUp_YYYY-MM_DD_HH_mm_SS.gz.

Backup directory files

Appliance

Directories Included in Backup File

FortiNAC Server

/etc

/home/cm

/root

/var/spool/cron

/bsc/Registration

/bsc/Remediation

/bsc/Hub

/bsc/Authentication

/bsc/DeadEnd

/bsc/CommonJspFiles

/bsc/VPN

/bsc/WWW

/bsc/WEB-INF

/home/admin

/bsc/clientValidation

/bsc/siteConfiguration

/bsc/services

/bsc/campusMgr/master_loader/telnetMibs

/bsc/campusMgr/master_loader/customTraps

FortiNAC Control Server

/etc

/root

/home/cm

/home/admin

/var/spool/cron

/bsc/clientValidation

/bsc/siteConfiguration

/bsc/services

/bsc/campusMgr/master_loader/telnetMibs

/bsc/campusMgr/master_loader/customTraps

FortiNAC Application Server

/etc

/home/cm

/root

/home/admin

/var/spool/cron

/bsc/Registration

/bsc/Remediation

/bsc/Hub

/bsc/Authentication

/bsc/DeadEnd

/bsc/CommonJspFiles

/bsc/VPN

/bsc/www

/bsc/siteConfiguration

/bsc/services

/bsc/WEB-INF

Note

When configuring the backup for a FortiNAC Application Server and FortiNAC Control Server pair, the remote back up is only configured on the FortiNAC Control Servere. The backup files from both servers will be placed in the directory specified. The host name of the appliance will be prefixed to the backup filename.

Configure the backup destination

Remote Backup Configuration defines the connection details used to copy files to a third party (remote) server when the Database Backup task is run in Scheduler. Transferring the backup files can be done using FTP and/or SSH protocols.

Remote server configuration using FTP
  1. Create an account on the remote FTP server to be used by FortiNAC for backup file transfer.
  2. Create a folder to which FortiNAC will copy the files.

For instructions on completing the above tasks, consult documentation specific to the FTP application used.

Remote server configuration using SSH

SSH communication must be established between the FortiNAC Control Server or FortiNAC Server and the remote backup server for the SSH remote backups to be successful. Ensure that the public key for the root user on the host being backed up has been appended to the authorized_keys file in the <root home dir>/.ssh directory of the remote server. In the case of high availability, the SSH keys for both the primary and secondary must be appended to the authorized_keys file.

Copy the SSH key to the remote server account (Linux)
  1. Access the CLI on the FortiNAC Control Server as root.
  2. Navigate to the .ssh directory. Type: cd /root/.ssh.
  3. Display and copy the key. Type: cat id_rsa.pub.
  4. Access the remote server where the backups will be stored as root.
  1. If the .ssh directory does not exist, create it. Type: mkdir /home/backup_username/.ssh.
  2. Change the permissions. Type: chmod 700 /home/backup_username/.ssh.
  3. Navigate to the .ssh directory, and then paste (append) the key you copied from the FortiNAC to the authorized_keys file. Type:

    cd /home/backup_username/.ssh

    vi authorized_keys

    Note

    The format of authorized_keys file is one entry per line.

  4. Make sure the key you paste is identical to the key on the FortiNAC and does not include extra white space or characters.
Copy the SSH key to the remote server account (third party)
  1. Access the CLI on the FortiNAC Control Server as root.
  2. Navigate to the .ssh directory. Type: cd /root/.ssh.
  3. Display and copy the key. Type: cat id_rsa.pub.
  4. Associate the public key to the remote server where the backups will be stored.

    Note

    This process will vary depending on the product. Refer to the SSH server product documentation for instructions.

Configure the remote backup target
  1. Click System > Settings.
  2. Expand the System Management folder.
  3. Select Remote Backup Configuration from the tree.
  4. Use the table below to complete these steps.
  5. In the Backup Timeout field enter the number of minutes for the backup to be created and copied to the remote server.
  6. Select Enable FTP Remote Backup and/or Enable SSH Remote Backup to enable the remote backup to that server(s).
  7. Enter the connection information for the backup server(s).
  8. Click Test SSH Connection to validate the SSH server and SSH remote path settings.
  9. Click Save Settings.
Settings

Field

Definition

Backup Timeout

Number of minutes for the backup to be created and copied to the remote server. If this time elapses before the backup is done, the process is interrupted. Be sure to select a time that is long enough for your system to complete its backup. The default is 20 minutes, however, large systems may require more time.

Enable FTP Remote Backup

Remote backups to this server are enabled when this is checked.

Default = Unchecked

Display Public SSH Keys

Click to view the public SSH key from the FortiNAC Primary and Secondary Control Servers.

Server

IP address of the remote server.

User Name

User Name required for write access to the server.

Password

Password required for write access to the server.

Remote Path

The directory path where the remote backup files will be placed. This directory must exist on the server.

EnableSSH Remote Backup

Remote backups to this server are enabled when this is checked. The SSH keys must already be established for the SSH remote backups to be successful.

Default = Unchecked

Server

The IP address of the remote server. Format is user@remote-server, such as asmith@192.168.1.1 .

Remote Path

The directory path where the remote backup files will be placed. This directory must exist on the server.

Test SSH Connection

Test the connection to the server using the SSH Server and SSH Remote Path settings to confirm the settings are valid.

If the test fails, it means the Remote Backup task will not back up the files to the specified remote server.

Validate the connection and backup task
FTP
  1. Navigate to System > Scheduler.
  2. Add the Database Backup task (if not already present).
  3. Highlight the Database Backup task and click Run Now.
SSH
  1. Click Test SSH Connection to verify SSH communication with the remote server.
  2. Once successfully tested, navigate to System > Scheduler.
  3. Add the Database Backup task (if not already present).
  4. Highlight the Database Backup task and click Run Now.