Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 7.4.2 Administration Guide
    7.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    Backing up the system

    Backing up the system

    Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal affect to the network. You should also back up your configuration after making any changes to the FortiAnalyzer configuration or settings that affect connected devices.

    Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware. See Updating the system firmware.

    An MD5 checksum is automatically generated in the event log when backing up the configuration. You can verify a backup by comparing the checksum in the log entry with that of the backup file.

    Perform a system backup

    To back up the FortiAnalyzer configuration:

    1. Go to Dashboard.

    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.

    3. Select the Backup Now tab.

    4. Enter and confirm the password you want to use for encryption. The password can be a maximum of 63 characters.

    5. Select OK and save the backup file on your management computer.

    Scheduling automatic backups

    You can configure FortiAnalyzer to automatically backup your configuration on a set schedule.

    To schedule automatic backup in the GUI:
    1. Go to Dashboard.
    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
    3. Select the Schedule Backup tab.
    4. Enable the Enable Schedule Backup option, and configure the options including the backup location, backup frequency, and an encryption password.
    5. Click OK.
    To schedule automatic backup in the CLI:
    1. In the FortiAnalyzer CLI, enter the following command:

      config system backup all-settings

    2. Configure the backup settings:

      set status {enable | disable}

      set server {<ipv4_address>|<fqdn_str>}

      set user <username>

      set directory <string>

      set week_days {monday tuesday wednesday thursday friday saturday sunday}

      set time <hh:mm:ss>

      set protocol {ftp | scp | sftp}

      set passwd <passwd>

      set crptpasswd <passwd>

      end

    For example, the following configuration uses the FTP protocol to backup the configuration to server 172.20.120.11 in the /usr/local/backup directory every Monday at 1:00pm.

    config system backup all-settings

    set status enable

    set server 172.20.120.11

    set user admin

    set directory /usr/local/backup

    set week_days monday

    set time 13:00:00

    set protocol ftp

    end

    For more information, see the FortiAnalyzer CLI Reference Guide on the Fortinet Documents Library.

    View backup history

    After performing backups, you can view the backup history to see all backups performed on the FortiAnalyzer.

    To see backup history:
    1. Go to Dashboard.
    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
    3. Select the Backup History tab.
      The backup history displays the Date & Time, Admin, Size and Status of each backup.

    MD5 checksum

    To find the MD5 checksum generated with the backup:
    1. In the GUI, go to System Settings > Event Log.
    2. In the Changes column for the event log, note the MD5 checksum.

    Perform backups using SCP

    You can use secure copy protocol (SCP) with a SSH certificate to back up the FortiAnalyzer system configuration.

    The following is an example of SSH certificate generation to be used with SCP for configuration backup. This example uses RSA but can also be applied to ED25519 keys.

    To configure a SSH certificate for backup using SCP:
    1. Create a SSH CA user key pair.

      ssh-keygen -t rsa -b 4096 -f ~/.ssh/ssh_user_ca

    2. Create a SSH CA host key pair.

      ssh-keygen -t rsa -b 4096 -f ~/.ssh/ssh_host_ca

    3. Copy the CA host ssh_host_ca* to /etc/ssh/.
    4. Sign the user's public key using the host CA key.

      ssh-keygen -s ~/.ssh/ssh_host_ca -I qa -n qa -V +52w ~/.ssh/ssh_user_ca.pub

      ssh-keygen -Lf ~/.ssh/ssh_user_ca-cert.pub

      /root/.ssh/ssh_user_ca-cert.pub:

      Type: ssh-rsa-cert-v01@openssh.com host certificate

      Public key: RSA-CERT SHA256:/Ue4vx5n2oUp+XhwLuAkadsfa0YTt7dpuZgbZ8TBNuw

      Signing CA: RSA SHA256:/Ue4vx5n2oUp+XhwLuAkIkvadfadTt7dpuZgbZ8TBNuw (using rsa-sha2-512)

      Key ID: "qa"

      Serial: 0

      Valid: from 2023-09-25T14:24:00 to 2024-09-23T14:25:08

      Principals: qa

      Critical Options: (none)

      Extensions: (none)

    5. Edit the SSH server config file at /etc/ssh/sshd_config and make the TrustedUserCAKeys directive to point to the user CA public key.

      TrustedUserCAKeys /etc/ssh/ssh_host_ca.pub

    6. Restart the sshd process to make the configuration change take effect..

      systemctl restart sshd

    7. On FortiAnalyzer, configure the SSH certificate.

      config sys certificate ssh

      edit ssh_cert_1

      set certificate "ssh_user_ca-cert.pub"

      set private "ssh_user_ca"

      end

    8. Configure backup of all settings using SCP .

      execute backup all-settings scp <server IP> <path and file name> <username> <ssh-cert>

    For more information on configuration of backup settings in the FortiAnalyzer CLI, see the FortiAnalyzer CLI Reference.

    Previous
    Next

    Backing up the system

    Backing up the system

    Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal affect to the network. You should also back up your configuration after making any changes to the FortiAnalyzer configuration or settings that affect connected devices.

    Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware. See Updating the system firmware.

    An MD5 checksum is automatically generated in the event log when backing up the configuration. You can verify a backup by comparing the checksum in the log entry with that of the backup file.

    Perform a system backup

    To back up the FortiAnalyzer configuration:

    1. Go to Dashboard.

    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.

    3. Select the Backup Now tab.

    4. Enter and confirm the password you want to use for encryption. The password can be a maximum of 63 characters.

    5. Select OK and save the backup file on your management computer.

    Scheduling automatic backups

    You can configure FortiAnalyzer to automatically backup your configuration on a set schedule.

    To schedule automatic backup in the GUI:
    1. Go to Dashboard.
    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
    3. Select the Schedule Backup tab.
    4. Enable the Enable Schedule Backup option, and configure the options including the backup location, backup frequency, and an encryption password.
    5. Click OK.
    To schedule automatic backup in the CLI:
    1. In the FortiAnalyzer CLI, enter the following command:

      config system backup all-settings

    2. Configure the backup settings:

      set status {enable | disable}

      set server {<ipv4_address>|<fqdn_str>}

      set user <username>

      set directory <string>

      set week_days {monday tuesday wednesday thursday friday saturday sunday}

      set time <hh:mm:ss>

      set protocol {ftp | scp | sftp}

      set passwd <passwd>

      set crptpasswd <passwd>

      end

    For example, the following configuration uses the FTP protocol to backup the configuration to server 172.20.120.11 in the /usr/local/backup directory every Monday at 1:00pm.

    config system backup all-settings

    set status enable

    set server 172.20.120.11

    set user admin

    set directory /usr/local/backup

    set week_days monday

    set time 13:00:00

    set protocol ftp

    end

    For more information, see the FortiAnalyzer CLI Reference Guide on the Fortinet Documents Library.

    View backup history

    After performing backups, you can view the backup history to see all backups performed on the FortiAnalyzer.

    To see backup history:
    1. Go to Dashboard.
    2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
    3. Select the Backup History tab.
      The backup history displays the Date & Time, Admin, Size and Status of each backup.

    MD5 checksum

    To find the MD5 checksum generated with the backup:
    1. In the GUI, go to System Settings > Event Log.
    2. In the Changes column for the event log, note the MD5 checksum.

    Perform backups using SCP

    You can use secure copy protocol (SCP) with a SSH certificate to back up the FortiAnalyzer system configuration.

    The following is an example of SSH certificate generation to be used with SCP for configuration backup. This example uses RSA but can also be applied to ED25519 keys.

    To configure a SSH certificate for backup using SCP:
    1. Create a SSH CA user key pair.

      ssh-keygen -t rsa -b 4096 -f ~/.ssh/ssh_user_ca

    2. Create a SSH CA host key pair.

      ssh-keygen -t rsa -b 4096 -f ~/.ssh/ssh_host_ca

    3. Copy the CA host ssh_host_ca* to /etc/ssh/.
    4. Sign the user's public key using the host CA key.

      ssh-keygen -s ~/.ssh/ssh_host_ca -I qa -n qa -V +52w ~/.ssh/ssh_user_ca.pub

      ssh-keygen -Lf ~/.ssh/ssh_user_ca-cert.pub

      /root/.ssh/ssh_user_ca-cert.pub:

      Type: ssh-rsa-cert-v01@openssh.com host certificate

      Public key: RSA-CERT SHA256:/Ue4vx5n2oUp+XhwLuAkadsfa0YTt7dpuZgbZ8TBNuw

      Signing CA: RSA SHA256:/Ue4vx5n2oUp+XhwLuAkIkvadfadTt7dpuZgbZ8TBNuw (using rsa-sha2-512)

      Key ID: "qa"

      Serial: 0

      Valid: from 2023-09-25T14:24:00 to 2024-09-23T14:25:08

      Principals: qa

      Critical Options: (none)

      Extensions: (none)

    5. Edit the SSH server config file at /etc/ssh/sshd_config and make the TrustedUserCAKeys directive to point to the user CA public key.

      TrustedUserCAKeys /etc/ssh/ssh_host_ca.pub

    6. Restart the sshd process to make the configuration change take effect..

      systemctl restart sshd

    7. On FortiAnalyzer, configure the SSH certificate.

      config sys certificate ssh

      edit ssh_cert_1

      set certificate "ssh_user_ca-cert.pub"

      set private "ssh_user_ca"

      end

    8. Configure backup of all settings using SCP .

      execute backup all-settings scp <server IP> <path and file name> <username> <ssh-cert>

    For more information on configuration of backup settings in the FortiAnalyzer CLI, see the FortiAnalyzer CLI Reference.

    Previous
    Next