  • NWAEA Procircular Jun 12, 2023
  • Fortigate Enable Config Revisions
    • Enables a history of configuration changes made on the Fortigate.
    • Accessible under the logged-in username icon at the top right of the screen: choose "Configuration", then "Revisions".
    • Once enabled, config files from different dates can be compared.
    • Select 2 config files to compare (use Control/Command to select), then click the "Diff" button.
    • To enable this feature from the Fortigate Command Line:
      config system global
        set gui-allow-default-hostname enable
        set revision-backup-on-logout enable
      end
  • Option to use "Automation" to upload the config to an SFTP or other server when config changes have been made and a user logs out of the Fortigate.
    • Back up Fortigate config to SFTP share
      Fortigate > Security Fabric > Automation > New Stitch > Add Trigger > new Schedule > Action > CLI Script

      execute backup config sftp /FortiGate/Backup_%%date%%.conf SFTPSERVER  USERNAME PASSWORD

      Admin Profile: Super_Admin

 

  • The only issue is that the SFTP details are exposed in the CLI script. I back up the share it dumps into and only use a special account that has access to a dedicated share.
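
The backups that land on the SFTP share can be compared offline in the same spirit as the "Diff" button under Revisions. The Python sketch below is an added example, not code from this page or from Fortinet. It assumes the usual config / edit / set / next / end block layout and that ENC values differ between exports even when the secret is unchanged; `flatten` and `diff_revisions` are hypothetical names, and the two sample revisions are constructed.

```python
import re

def flatten(config_text):
    """Flatten a FortiOS-style config into {'block > entry > key': value}."""
    path, settings = [], {}
    lines = iter(config_text.splitlines())
    for raw in lines:
        word, _, rest = raw.strip().partition(" ")
        if word in ("config", "edit"):
            path.append(raw.strip())
        elif word in ("end", "next"):
            del path[-1:]  # leave the current block (no-op at top level)
        elif word == "set":
            key, _, value = rest.partition(" ")
            while len(re.findall(r'(?<!\\)"', value)) % 2:  # quoted value spans lines
                value += "\n" + next(lines, '"')
            # Assumption: ENC blobs change on every export, so mask them.
            # A genuine password change is hidden by this masking too.
            settings[" > ".join(path + [key])] = re.sub(r"^ENC \S+", "ENC <masked>", value)
    return settings

def diff_revisions(old_text, new_text):
    """Return (kind, path, before, after) for each setting that differs."""
    old, new = flatten(old_text), flatten(new_text)
    changes = []
    for path in sorted(old.keys() | new.keys()):
        before, after = old.get(path), new.get(path)
        if before != after:
            kind = "added" if before is None else "removed" if after is None else "changed"
            changes.append((kind, path, before, after))
    return changes

# Constructed sample revisions (not taken from a real device).
OLD = """config system admin
    edit "admin"
        set password ENC constructedAAAA
    next
end"""
NEW = """config system admin
    edit "admin"
        set password ENC constructedBBBB
    next
    edit "tempadmin"
        set accprofile "super_admin"
    next
end"""

if __name__ == "__main__":
    print(*diff_revisions(OLD, NEW), sep="\n")
```

On the sample pair, the re-encrypted admin password is ignored and the only reported change is the new "tempadmin" entry with the super_admin profile.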