Fortinet black logo

CLI Reference

system backup

system backup

Use this command to configure automatic backups of the system configuration to an FTP or SFTP server. You can either run the backup immediately or schedule it to run periodically.

The backup can include all uploaded files such as error pages, WSDL files, certificates, and private keys. Fortinet recommends that if you have many such files, that you include them in the backup. This saves you valuable time if you need to restore the configuration in an emergency.

Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location. This backup method includes sensitive data such as your HTTPS certificates’ private keys. Unauthorized access to private keys compromises the security of all HTTPS requests using those certificates.

To restore a backup, see backup full-config.

To use this command, your administrator account’s access control profile must have either w or rw permission to the mntgrp area. For details, see Permissions.

Syntax

config system backup

edit "<backup_name>"

set config-type {full-config |cli-config | waf-config}

set ml-flag {disable | enable}

set encryption {enable | disable}

set encryption-passwd "<password_str>"

set ftp-auth {enable | disable}

set ftp-user "<user_str>"

set ftp-passwd "<password_str>"

set ftp-dir "<directory-path_str>"

set ftp-server {"<server_ipv4>" | "<server_fqdn>"}

set protocol-type {ftp | sftp}

set schedule_type {now | days}

set schedule_days {sun mon tue wed thu fri sat}

set schedule_time "<time_str>"

next

end

Variable Description Default

"<backup_name>"

Enter the name of the backup configuration. The maximum length is 59 characters.

To display the list of existing backups, enter:

edit ?

No default.

config-type {full-config |cli-config | waf-config}

Select either:

  • full-config — Include both the configuration file and other uploaded files, such as certificate and error page files, in the backup.
  • cli-config — Include only the configuration file in the backup.
  • waf-config — Include only the web protection profiles in the backup.
cli-config

ml-flag {disable | enable}

Enable to include machine leaning data in the backup. This option takes effect only when the config-type is set to full-config.

disable

encryption {enable | disable}

Enable to encrypt the backup file with a .zip extension.

Caution: Unlike when downloading a backup from the web UI to your computer, this does include all certificates and private keys. Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location.

disable

encryption-passwd "<password_str>"

Enter the password that will be used to encrypt the backup file.

This field appears only if you enable encryption {enable | disable}.

No default.

ftp-auth {enable | disable}

Enable if the server requires that you provide a user name and password for authentication, rather than allowing anonymous connections. When enabled, you must also configure ftp-user "<user_str>" and ftp-passwd "<password_str>".

Disable for FTP servers that allow anonymous uploads.

disable

ftp-user "<user_str>"

Enter the user name that the FortiWeb appliance will use to authenticate with the server. The maximum length is 127 characters.

This variable is not available unless ftp-auth {enable | disable} is enable.

No default.

ftp-passwd "<password_str>"

Enter the password corresponding to the account specified in ftp-user "<user_str>". The maximum length is 127 characters.

This variable is not available unless ftp-auth {enable | disable} is enable.

No default.

ftp-dir "<directory-path_str>"

Enter the directory path on the server where you want to store the backup file. The maximum length is 127 characters. No default.

ftp-server {"<server_ipv4>" | "<server_fqdn>"}

Enter either the IP address or fully qualified domain name (FQDN) of the server. The maximum length is 127 characters. No default.

protocol-type {ftp | sftp}

Select whether to connect to the server using FTP or SFTP. ftp

schedule_type {now | days}

Select one of the schedule types:

now

schedule_days {sun mon tue wed thu fri sat}

Enter one or more days of the week when you want to run a periodic backup. Separate each day with a blank space.

For example, to back up the configuration on Monday and Friday, enter:

set schedule_days mon,fri

This command is available only if schedule_type {now | days} is days.

No default.

schedule_time "<time_str>"

Enter the time of day to run the backup.

The time format is hh:mm, where:

  • hh is the hour according to a 24-hour clock
  • mm is the minute

This command is available only if schedule_type {now | days} is days.

00:00

Related topics

system backup

Use this command to configure automatic backups of the system configuration to an FTP or SFTP server. You can either run the backup immediately or schedule it to run periodically.

The backup can include all uploaded files such as error pages, WSDL files, certificates, and private keys. Fortinet recommends that if you have many such files, that you include them in the backup. This saves you valuable time if you need to restore the configuration in an emergency.

Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location. This backup method includes sensitive data such as your HTTPS certificates’ private keys. Unauthorized access to private keys compromises the security of all HTTPS requests using those certificates.

To restore a backup, see backup full-config.

To use this command, your administrator account’s access control profile must have either w or rw permission to the mntgrp area. For details, see Permissions.

Syntax

config system backup

edit "<backup_name>"

set config-type {full-config |cli-config | waf-config}

set ml-flag {disable | enable}

set encryption {enable | disable}

set encryption-passwd "<password_str>"

set ftp-auth {enable | disable}

set ftp-user "<user_str>"

set ftp-passwd "<password_str>"

set ftp-dir "<directory-path_str>"

set ftp-server {"<server_ipv4>" | "<server_fqdn>"}

set protocol-type {ftp | sftp}

set schedule_type {now | days}

set schedule_days {sun mon tue wed thu fri sat}

set schedule_time "<time_str>"

next

end

Variable Description Default

"<backup_name>"

Enter the name of the backup configuration. The maximum length is 59 characters.

To display the list of existing backups, enter:

edit ?

No default.

config-type {full-config |cli-config | waf-config}

Select either:

  • full-config — Include both the configuration file and other uploaded files, such as certificate and error page files, in the backup.
  • cli-config — Include only the configuration file in the backup.
  • waf-config — Include only the web protection profiles in the backup.
cli-config

ml-flag {disable | enable}

Enable to include machine leaning data in the backup. This option takes effect only when the config-type is set to full-config.

disable

encryption {enable | disable}

Enable to encrypt the backup file with a .zip extension.

Caution: Unlike when downloading a backup from the web UI to your computer, this does include all certificates and private keys. Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location.

disable

encryption-passwd "<password_str>"

Enter the password that will be used to encrypt the backup file.

This field appears only if you enable encryption {enable | disable}.

No default.

ftp-auth {enable | disable}

Enable if the server requires that you provide a user name and password for authentication, rather than allowing anonymous connections. When enabled, you must also configure ftp-user "<user_str>" and ftp-passwd "<password_str>".

Disable for FTP servers that allow anonymous uploads.

disable

ftp-user "<user_str>"

Enter the user name that the FortiWeb appliance will use to authenticate with the server. The maximum length is 127 characters.

This variable is not available unless ftp-auth {enable | disable} is enable.

No default.

ftp-passwd "<password_str>"

Enter the password corresponding to the account specified in ftp-user "<user_str>". The maximum length is 127 characters.

This variable is not available unless ftp-auth {enable | disable} is enable.

No default.

ftp-dir "<directory-path_str>"

Enter the directory path on the server where you want to store the backup file. The maximum length is 127 characters. No default.

ftp-server {"<server_ipv4>" | "<server_fqdn>"}

Enter either the IP address or fully qualified domain name (FQDN) of the server. The maximum length is 127 characters. No default.

protocol-type {ftp | sftp}

Select whether to connect to the server using FTP or SFTP. ftp

schedule_type {now | days}

Select one of the schedule types:

now

schedule_days {sun mon tue wed thu fri sat}

Enter one or more days of the week when you want to run a periodic backup. Separate each day with a blank space.

For example, to back up the configuration on Monday and Friday, enter:

set schedule_days mon,fri

This command is available only if schedule_type {now | days} is days.

No default.

schedule_time "<time_str>"

Enter the time of day to run the backup.

The time format is hh:mm, where:

  • hh is the hour according to a 24-hour clock
  • mm is the minute

This command is available only if schedule_type {now | days} is days.

00:00

Related topics