system backup
Use this command to configure automatic backups of the system configuration to an FTP or SFTP server. You can either run the backup immediately or schedule it to run periodically.
The backup can include all uploaded files such as error pages, WSDL files, certificates, and private keys. Fortinet recommends that if you have many such files, that you include them in the backup. This saves you valuable time if you need to restore the configuration in an emergency.
Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location. This backup method includes sensitive data such as your HTTPS certificates’ private keys. Unauthorized access to private keys compromises the security of all HTTPS requests using those certificates. |
To restore a backup, see backup full-config.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the mntgrp area. For details, see Permissions.
Syntax
config system backup
edit "<backup_name>"
set config-type {full-config |cli-config | waf-config}
set ml-flag {disable | enable}
set encryption {enable | disable}
set encryption-passwd "<password_str>"
set ftp-auth {enable | disable}
set ftp-passwd "<password_str>"
set ftp-dir "<directory-path_str>"
set ftp-server {"<server_ipv4>" | "<server_fqdn>"}
set protocol-type {ftp | sftp}
set schedule_type {now | days}
set schedule_days {sun mon tue wed thu fri sat}
set schedule_time "<time_str>"
next
end
Variable | Description | Default |
Enter the name of the backup configuration. The maximum length is 59 characters. To display the list of existing backups, enter:
|
No default. | |
Select either:
|
cli-config
|
|
Enable to include machine leaning data in the backup. This option takes effect only when the |
|
|
Enable to encrypt the backup file with a Caution: Unlike when downloading a backup from the web UI to your computer, this does include all certificates and private keys. Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location. |
disable
|
|
Enter the password that will be used to encrypt the backup file. This field appears only if you enable encryption {enable | disable}. |
No default. | |
Enable if the server requires that you provide a user name and password for authentication, rather than allowing anonymous connections. When enabled, you must also configure ftp-user "<user_str>" and ftp-passwd "<password_str>". Disable for FTP servers that allow anonymous uploads. |
disable
|
|
Enter the user name that the FortiWeb appliance will use to authenticate with the server. The maximum length is 127 characters. This variable is not available unless ftp-auth {enable | disable} is |
No default. | |
Enter the password corresponding to the account specified in ftp-user "<user_str>". The maximum length is 127 characters. This variable is not available unless ftp-auth {enable | disable} is |
No default. | |
Enter the directory path on the server where you want to store the backup file. The maximum length is 127 characters. | No default. | |
Enter either the IP address or fully qualified domain name (FQDN) of the server. The maximum length is 127 characters. | No default. | |
Select whether to connect to the server using FTP or SFTP. |
ftp
|
|
Select one of the schedule types:
|
now
|
|
Enter one or more days of the week when you want to run a periodic backup. Separate each day with a blank space. For example, to back up the configuration on Monday and Friday, enter:
This command is available only if schedule_type {now | days} is |
No default. | |
Enter the time of day to run the backup. The time format is
This command is available only if schedule_type {now | days} is |
00:00
|