config : system backup
 
system backup
Use this command to configure automatic backups of the system configuration to an FTP or SFTP server. You can either run the backup immediately or schedule it to run periodically.
The backup can include all uploaded files such as error pages, WSDL files, certificates, and private keys. Fortinet recommends that if you have many such files, that you include them in the backup. This saves you valuable time if you need to restore the configuration in an emergency.
 
Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location. This backup method includes sensitive data such as your HTTPS certificates’ private keys. Unauthorized access to private keys compromises the security of all HTTPS requests using those certificates.
To restore a backup, see “execute backup full-config”.
To use this command, your administrator account’s access control profile must have either w or rw permission to the mntgrp area. For more information, see “Permissions”.
Syntax
config system backup
edit <backup_name>
set config-type {full-config |cli‑config | waf-config}
set encryption {enable | disable}
set encryption-passwd <password_str>
set ftp-auth {enable | disable}
set ftp-user <user_str>
set ftp-passwd <password_str>
set ftp-dir "<directory-path_str>"
set ftp-server {<server_ipv4> | <server_fqdn>}
set protocol-type {ftp | sftp}
set schedule_type {now | days}
set schedule_days {sun mon tue wed thu fri sat}
set schedule_time <time_str>
next
end
Variable
Description
Default
<backup_name>
Type the name of the backup configuration. The maximum length is 59 characters.
To display the list of existing backups, type:
edit ?
No default.
config-type {full-config |cli‑config | waf-config}
Select either:
full-config — Include both the configuration file and other uploaded files, such a certificate and error page files, in the backup.
cli-config — Include only the configuration file in the backup.
waf-config — Include only the web protection profiles in the backup.
cli-config
encryption {enable | disable}
Enable to encrypt the backup file using 128-bit AES and a password.
Caution: Unlike when downloading a backup from the web UI to your computer, this does include all certificates and private keys. Fortinet strongly recommends that you password-encrypt this backup, and store it in a secure location.
disable
encryption-passwd <password_str>
Type the password that will be used to encrypt the backup file.
This field appears only if you enable encryption {enable | disable}.
 
ftp-auth {enable | disable}
Enable if the server requires that you provide a user name and password for authentication, rather than allowing anonymous connections. When enabled, you must also configure ftp-user <user_str> and ftp-passwd <password_str>.
Disable for FTP servers that allow anonymous uploads.
disable
ftp-user <user_str>
Type the user name that the FortiWeb appliance will use to authenticate with the server. The maximum length is 127 characters.
This variable is not available unless ftp-auth is enable.
No default.
ftp-passwd <password_str>
Type the password corresponding to the account specified in ftp-user <user_str>. The maximum length is 127 characters.
This variable is not available unless ftp-auth is enable.
No default.
ftp-dir "<directory-path_str>"
Type the directory path on the server where you want to store the backup file. The maximum length is 127 characters.
No default.
ftp-server {<server_ipv4> | <server_fqdn>}
Type either the IP address or fully qualified domain name (FQDN) of the server. The maximum length is 127 characters.
No default.
protocol-type {ftp | sftp}
Select whether to connect to the server using FTP or SFTP.
ftp
schedule_type {now | days}
Select one of the schedule types:
now — Use this to initiate the FTP backup immediately upon ending the command sequence.
days — Enter this to allow you to set days and a time to run the backup automatically. You must also configure schedule_days and schedule_time.
now
schedule_days {sun mon tue wed thu fri sat}
Select one or more days of the week when you want to run a periodic backup. Separate each day with a blank space.
For example, to back up the configuration on Monday and Friday, type:
set schedule_days mon,fri
This command is available only if schedule_type is days.
No default.
schedule_time <time_str>
Type the time of day to run the backup.
The time format is hh:mm, where:
hh is the hour according to a 24-hour clock
mm is the minute
This command is available only if schedule_type is days.
00:00
Example
This example configures a scheduled, full configuration backup every Sunday and Friday at 1:15 AM. The FortiWeb appliance authenticates with the FTP server using an account named fortiweb1 and its password, P@ssword1. It does not encrypt the backup file.
config system backup
edit "Scheduled_Backup"
set config-type full-config
set protocol-type ftp
set ftp-auth enable
set ftp-user fortiweb1
set ftp-passwd P@ssword1
set ftp-server 172.20.120.01
set ftp-dir "/config-backups"
set schedule_type days
set schedule_days sun,fri
set schedule_time 01:15
next
end
Related topics
execute restore config
execute backup cli-config