Fortinet black logo

Deployment Guide

Home FortiSOAR Cloud 7.5.0 Deployment Guide
7.5.0
7.5.0
7.4.3
7.4.2
7.4.1
7.4.0
7.3.1
7.3.0
7.2.1
7.2.0
7.0.2
7.0.1
7.0.0

Backing up and Restoring FortiSOAR Cloud

Backing up and Restoring FortiSOAR Cloud

This chapter describes the process of backing up and restoring FortiSOAR Cloud.

Note

Before release 7.5.0, FortiSOAR Cloud did not support static IP configuration for FortiSOAR Cloud, leading to issues with disaster recovery. Therefore, with release 7.5.0, support for static IP configuration in FortiSOAR Cloud deployment has been added. For the process of Setting a static IP, see the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.

Prerequisites

You must have root or sudo permissions to perform backups and restores.

Note

Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X the data size; for example, if your data size is 2GB, then you should have around 6GB of available disk space to ensure that the processes do not stop or fail.

Backup Process

Use the FortiSOAR Admin CLI (csadm) db option to regularly perform backups and restores, which restores the data seamlessly to a new FortiSOAR Cloud environment.

The FortiSOAR Admin CLI performs a full database backup of your FortiSOAR Cloud server each time. There is no provision for incremental backups. Backups are performed for a particular version of FortiSOAR Cloud, and backups should be restored on the exact version of FortiSOAR Cloud.

Tooltip

The FortiSOAR Cloud Admin CLI backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.

Data that is backed up during the backup process

The FortiSOAR Cloud Admin CLI backs up the following files, configurations, and data during the backup process:

  • site-packages
  • connectors
  • application.conf
  • db_config.yml
  • pg_hba.conf
  • Syslog forwarding configuration
  • All major configuration files, such as das.ini, postgresql.conf
  • PostgreSQL database backups as per requirements
  • User-defined custom expressions
Note

Backups of the configuration files are taken only in the case of localized databases.

Prerequisites for running the backup process

Verify that you have the local backup storage path or NFS.

Performing a backup

To perform a backup, run the csadm command on any FortiSOAR Cloud machine using any terminal. A user who has root or sudo permissions can run the csadm command.

  1. SSH to your FortiSOAR Cloud VM and login as a root user.
  2. To perform a backup, type the following command:
    # csadm db --backup [<backup_dir_path>]
    [<backup_dir_path>] is the directory where backup files will be created. If you do not specify any path, then by default, the backup file is stored in the current working directory.
    Optionally, you can specify the --exclude-workflow option to exclude all the "Executed Playbook Logs" and the --exclude-audit option to exclude all the "Executed Audit Logs" from the backup. Executed playbook and audit logs are primarily meant for debugging, so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces the time and space needed for the backup. For example, to exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
    # csadm db --backup [<backup_dir_path>] --exclude-workflow
    Important: FortiSOAR Cloud backs up the latest three backup files every time it creates a new backup. Any backups older than the latest three backups are deleted.
  3. (Optional) If you only want to back up your configuration files only, then type the following command:
    # csadm db --backup-config [<backup_dir_path>]
    Once you run the above command, you will be asked to provide the path of the configuration backup file. If you do not specify any path, then by default, the backup file is stored in the current working directory.

Running a backup as a scheduled job

Following is an example of running a backup as a scheduled cron job on your FortiSOAR Cloud system or external Secure Message Exchange that will run at 12:30 am every day. You can schedule the backup process based on your requirements.

Add the cron job to run at 12:30 a.m. every day as follows:

$ sudo crontab –e
30 00 * * * csadm db --backup <backup_dir_path>

Once the backup process is successfully completed, the final DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file is located in the directory where the backup files are created. It would be the same directory that you have specified when you ran the csadm db --backup <backup_dir_path> command. The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes the timestamp of when the backup was created.

The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file :
# tar -tvf <DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz>

Restoring data

  1. Move the backup file to the new FortiSOAR Cloud VM.
  2. SSH to the new FortiSOAR Cloud VM and login as a root user.
  3. To restore the data, type the following command:
    # csadm db --restore <backup_file_path>
    [<backup_file_path>] is the directory where you have saved the backed-up files. Note that the backup process, by default, stores the backup in a locally saved file: /home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz
    Important: Once you have restored FortiSOAR Cloud, you are required to reinstall the license for this FortiSOAR Cloud instance. To reinstall the license, click the Retry Sync button on the UI.

Troubleshooting

Migration of FortiSOAR Cloud MSSP setup fails with the Secure Message Exchange Invalid credentials or certificate error

A FortiSOAR Cloud MSSP setup that you want to migrate by backing up your FortiSOAR Cloud instance and then restoring it on a new instance fails with the Secure Message Exchange (SME) "Invalid credentials or certificate" error.

Resolution

This issue occurs as the hostname and certificate from the original backup overwrites the hostname and certificate of the new FortiSOAR Cloud instance/account.

  1. Use the FortiSOAR Cloud UI to change the name of the embedded SME.
  2. SSH to your new FortiSOAR Cloud instance and run the following command:
    csadm secure-message-exchange update-exchange-event-listener-certs
Previous
Next

Backing up and Restoring FortiSOAR Cloud

This chapter describes the process of backing up and restoring FortiSOAR Cloud.

Note

Before release 7.5.0, FortiSOAR Cloud did not support static IP configuration for FortiSOAR Cloud, leading to issues with disaster recovery. Therefore, with release 7.5.0, support for static IP configuration in FortiSOAR Cloud deployment has been added. For the process of Setting a static IP, see the Deploying FortiSOAR chapter of the "Deployment Guide" that is part of the FortiSOAR Documentation.

Prerequisites

You must have root or sudo permissions to perform backups and restores.

Note

Ensure that you have enough disk space available to perform backup and restore tasks. It is recommended that you have available disk space of around 3X the data size; for example, if your data size is 2GB, then you should have around 6GB of available disk space to ensure that the processes do not stop or fail.

Backup Process

Use the FortiSOAR Admin CLI (csadm) db option to regularly perform backups and restores, which restores the data seamlessly to a new FortiSOAR Cloud environment.

The FortiSOAR Admin CLI performs a full database backup of your FortiSOAR Cloud server each time. There is no provision for incremental backups. Backups are performed for a particular version of FortiSOAR Cloud, and backups should be restored on the exact version of FortiSOAR Cloud.

Tooltip

The FortiSOAR Cloud Admin CLI backs up the latest three backups every time it creates a new backup. Any backups older than the latest three backups are deleted.

Data that is backed up during the backup process

The FortiSOAR Cloud Admin CLI backs up the following files, configurations, and data during the backup process:

  • site-packages
  • connectors
  • application.conf
  • db_config.yml
  • pg_hba.conf
  • Syslog forwarding configuration
  • All major configuration files, such as das.ini, postgresql.conf
  • PostgreSQL database backups as per requirements
  • User-defined custom expressions
Note

Backups of the configuration files are taken only in the case of localized databases.

Prerequisites for running the backup process

Verify that you have the local backup storage path or NFS.

Performing a backup

To perform a backup, run the csadm command on any FortiSOAR Cloud machine using any terminal. A user who has root or sudo permissions can run the csadm command.

  1. SSH to your FortiSOAR Cloud VM and login as a root user.
  2. To perform a backup, type the following command:
    # csadm db --backup [<backup_dir_path>]
    [<backup_dir_path>] is the directory where backup files will be created. If you do not specify any path, then by default, the backup file is stored in the current working directory.
    Optionally, you can specify the --exclude-workflow option to exclude all the "Executed Playbook Logs" and the --exclude-audit option to exclude all the "Executed Audit Logs" from the backup. Executed playbook and audit logs are primarily meant for debugging, so they are not a very critical component to be backed up. However, they constitute a major part of the database size, so excluding them from the backup reduces the time and space needed for the backup. For example, to exclude all the "Executed Playbook Logs" from the backup, type the command as follows:
    # csadm db --backup [<backup_dir_path>] --exclude-workflow
    Important: FortiSOAR Cloud backs up the latest three backup files every time it creates a new backup. Any backups older than the latest three backups are deleted.
  3. (Optional) If you only want to back up your configuration files only, then type the following command:
    # csadm db --backup-config [<backup_dir_path>]
    Once you run the above command, you will be asked to provide the path of the configuration backup file. If you do not specify any path, then by default, the backup file is stored in the current working directory.

Running a backup as a scheduled job

Following is an example of running a backup as a scheduled cron job on your FortiSOAR Cloud system or external Secure Message Exchange that will run at 12:30 am every day. You can schedule the backup process based on your requirements.

Add the cron job to run at 12:30 a.m. every day as follows:

$ sudo crontab –e
30 00 * * * csadm db --backup <backup_dir_path>

Once the backup process is successfully completed, the final DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file is located in the directory where the backup files are created. It would be the same directory that you have specified when you ran the csadm db --backup <backup_dir_path> command. The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes the timestamp of when the backup was created.

The DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file includes all the backup files. You can run the following command to check the contents of the DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz file :
# tar -tvf <DR_BACKUP_<FortiSOARCloud_version>_timestamp.tgz>

Restoring data

  1. Move the backup file to the new FortiSOAR Cloud VM.
  2. SSH to the new FortiSOAR Cloud VM and login as a root user.
  3. To restore the data, type the following command:
    # csadm db --restore <backup_file_path>
    [<backup_file_path>] is the directory where you have saved the backed-up files. Note that the backup process, by default, stores the backup in a locally saved file: /home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz
    Important: Once you have restored FortiSOAR Cloud, you are required to reinstall the license for this FortiSOAR Cloud instance. To reinstall the license, click the Retry Sync button on the UI.

Troubleshooting

Migration of FortiSOAR Cloud MSSP setup fails with the Secure Message Exchange Invalid credentials or certificate error

A FortiSOAR Cloud MSSP setup that you want to migrate by backing up your FortiSOAR Cloud instance and then restoring it on a new instance fails with the Secure Message Exchange (SME) "Invalid credentials or certificate" error.

Resolution

This issue occurs as the hostname and certificate from the original backup overwrites the hostname and certificate of the new FortiSOAR Cloud instance/account.

  1. Use the FortiSOAR Cloud UI to change the name of the embedded SME.
  2. SSH to your new FortiSOAR Cloud instance and run the following command:
    csadm secure-message-exchange update-exchange-event-listener-certs
Previous
Next