Bulk Fortigate configuration backup

Continuing on from the previous post with bulk management of firewalls, in particular Fortigates.  The following shows a basic script which after enabling SCP transfers on your device, utilizes pscp.exe to backup multiple Fortigate firewall configs.

This script gets the current date, creates a folder under your Backup Path with the date, connects to each firewall in your CSV file (just as the previous post) and uses pscp.exe to backup the config file (fgt-config).  It then renames the fgt-config output file to the IP of your firewall and appends the date to the file name.  I am utilizing the echo y command at the front of the command to accept the untrusted certificate error at first connection.  In a production environment you may wish to re-evaluate this option!

Note, while the transcript option is present, due to a bug in PowerShell you do not get a whole lot of info out of running cmd applications from PowerShell.  I’ll look at a work around for this and update in the near future.

backup-config2
————————————————————————————
$Firewalls = get-content .\firewalls.csv
$Date = Get-Date -Format “dd-MM-yyyy”
$Username = “firewallusername”
$Password = “firewallpassword”
$BackupPath = “E:\Firewall-Config-Backups”
New-Item $BackupPath\$Date\ -type directory
Start-Transcript -path $BackupPath\$Date\$Date.log -append

foreach ($Firewall in $Firewalls){

echo y | .\pscp.exe -l $Username -pw $Password -v “$Firewall::fgt-config” $BackupPath\$Date\ | out-host -verbose
rename-item -path $BackupPath\$Date\fgt-config -newname $BackupPath\$Date\$Firewall-$Date.conf

}

Stop-Transcript
————————————————————————————

Here’s what your final screen output should look like:

backup-config-new

About AJ McKean

Based in sunny Tauranga, New Zealand, AJ McKean is a Senior Systems Engineer in Mt Maunganui. With over 15 years of professional IT experience working in both New Zealand and the United States, he holds several certifications including MCSE(2000-2003), MCITP:Enterprise(2008), MCSA(2012), VMware VCP-DCV5.5, CompTIA A+ & is an HP Storage Architect. He is passionate about all things IT, especially virtualization, automation & cloud technologies.

4 Responses to “Bulk Fortigate configuration backup”

  1. Brandon says :

    SCP is enable on my fortigate but with I run this script I get “Protocol error: Expected control record”
    If I run (pscp admin@192.168.1.1:fgt-config c:\Firewall-Config-Backups\config.conf) from cmd it works. Any suggestions?
    Thank you for your time.

Leave a Reply

Your email address will not be published. Required fields are marked *