Use Wasabi cloud to backup your FortiGate Firewall configuration for 6.99$/month

Steps to implement an automated config backup solution for your FortiGate with Wasabi Cloud for 6.99$/month

  1. Create an account on Wasabi Cloud: https://wasabi.com/fr.
  2. Create a bucket and activate versioning.
  3. Activate the FTP/FTPS protocol in Wasabi.
  4. Configure your FortiGate CLI config backup over FTP command.
  5. Configure your automation trigger.
  6. Configure your automation action.
  7. Configure your automation stitch.

FortiGate CLI config backup over FTP command

You can connect to your Wasabi S3 bucket over FTP/FTPS with your account credentials. On a paid plan you can create a sub-user with FTP/FTPS access.

To connect to your Wasabi S3 bucket over FTP you need:

  • The region where the bucket was created; here it is eu-west-2
  • The name of the bucket; here it is backup_fortigate
  • The username/email and password of your Wasabi account; here the username is fortigate@gitbook.deddy.me

You can connect to your bucket with an FTP client such as https://winscp.net or https://filezilla-project.org with this configuration:

Build the FortiGate CLI Command

execute backup full-config ftp <bucket_name>/fortigate_01_config s3.<wasabi_bucket_region>.wasabisys.com:21 <ftp_username/email> <ftp_password>

The complete FortiGate CLI Command

execute backup full-config ftp backup_fortigate/fortigate_01_config s3.eu-west-2.wasabisys.com:21 fortigate@gitbook.deddy.me superStrongPassword

Wasabi Cloud: activate the FTP/FTPS protocol in the settings

Create a Trigger in Security Fabric > Automation > Trigger

Each day the script will be executed.

Create an action in Security Fabric > Automation > Action

Create a Stitch on Security Fabric > Automation > Stitch

How to monitor that FortiGate backups are up to date?

You can implement a solution that monitors the last modification date of the files via the AWS S3 SDK JS library. See:

How to use the AWS S3 JS SDK with Wasabi Cloud ?

How to use @aws-sdk/client-s3 with Wasabi Cloud S3

ACCESS_KEY_ID and SECRET_ACCESS_KEY must be created on your Wasabi console.

WASABI_ENDPOINT must be of the format : https://s3.<bucket_region>.wasabisys.com .

s3-wasabi-client.mjs example

import { S3Client } from '@aws-sdk/client-s3';

// Settings are read from the environment; the defaults are placeholders.
const {
    S3_REGION = 'us-east-1',
    ACCESS_KEY_ID = 'YOUR ACCESS KEY',
    SECRET_ACCESS_KEY = 'YOUR SECRET ACCESS KEY',
    WASABI_ENDPOINT = 'https://s3.eu-west-2.wasabisys.com'
} = process.env;

// S3 client that sends its requests to the Wasabi endpoint instead of AWS.
const s3WasabiClient = new S3Client({
    region: S3_REGION,
    apiVersion: '2006-03-01',
    credentials: {
        accessKeyId: ACCESS_KEY_ID,
        secretAccessKey: SECRET_ACCESS_KEY
    },
    endpoint: WASABI_ENDPOINT
});

export { s3WasabiClient };

List all objects in the bucket “bucket_name”

import { s3WasabiClient } from './s3-wasabi-client.mjs';
import { ListObjectsCommand } from '@aws-sdk/client-s3';

// The command takes a single input object; Bucket is required.
const listObjectsCommand = new ListObjectsCommand({ Bucket: 'bucket_name', Prefix: '' });
const data = await s3WasabiClient.send(listObjectsCommand);
// Contents is undefined when the bucket has no matching objects.
if (data.Contents) {
    console.log('data : ', data.Contents);
}
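
The monitoring idea described above, as an added example that is not part of the original page: a freshness check that runs over the `data.Contents` array returned by the listing. The function names, the 26-hour and 1024-byte thresholds, the sample listing and the keys other than fortigate_01_config are assumptions, as is the object key matching the file name used in the FTP command.

```javascript
// Added example (not from the original page): decide whether the backups in an
// S3 listing are current. `contents` has the shape of `data.Contents` returned
// by ListObjectsCommand: [{ Key, LastModified, Size }, ...].
const HOUR_MS = 60 * 60 * 1000;

// maxAgeHours and minSizeBytes are assumed thresholds; tune them to your schedule.
function checkBackupFreshness(contents, key, { maxAgeHours = 26, minSizeBytes = 1024, now = new Date() } = {}) {
  // A listing returns only the current version of each key, so LastModified
  // is the time of the most recent upload even when versioning is enabled.
  const object = (contents || []).find((o) => o.Key === key);
  if (!object) return { key, ok: false, reason: 'missing', ageHours: null };

  // SDK v3 returns LastModified as a Date; ISO strings are accepted as well.
  const ageHours = (now.getTime() - new Date(object.LastModified).getTime()) / HOUR_MS;
  if (Number.isNaN(ageHours)) return { key, ok: false, reason: 'invalid-date', ageHours: null };
  if (ageHours > maxAgeHours) return { key, ok: false, reason: 'stale', ageHours };
  // An empty or very small object can indicate an interrupted transfer.
  if ((object.Size ?? 0) < minSizeBytes) return { key, ok: false, reason: 'truncated', ageHours };
  return { key, ok: true, reason: 'fresh', ageHours };
}

// Check every firewall that is expected to upload and return only the failures.
function auditBackups(contents, expectedKeys, options) {
  return expectedKeys
    .map((key) => checkBackupFreshness(contents, key, options))
    .filter((result) => !result.ok);
}

// Constructed sample listing; only fortigate_01_config appears on the page.
const SAMPLE_NOW = new Date('2024-05-02T06:00:00Z');
const SAMPLE_CONTENTS = [
  { Key: 'fortigate_01_config', LastModified: new Date('2024-05-02T02:00:00Z'), Size: 184320 },
  { Key: 'fortigate_02_config', LastModified: new Date('2024-04-28T02:00:00Z'), Size: 190112 },
  { Key: 'fortigate_03_config', LastModified: '2024-05-02T02:00:05Z', Size: 0 },
];
const EXPECTED_KEYS = ['fortigate_01_config', 'fortigate_02_config', 'fortigate_03_config', 'fortigate_04_config'];

for (const failure of auditBackups(SAMPLE_CONTENTS, EXPECTED_KEYS, { now: SAMPLE_NOW })) {
  console.log(`ALERT ${failure.key}: ${failure.reason}`);
}
```

In a scheduled job, pass `data.Contents` from the listing call in place of the sample array and alert on any returned failure.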