Backing up Fortinet Devices with Rancid

David Schweikert
Nov 4, 2016


Rancid is great. It allows you to back up the configuration of all your network equipment and stores the data in a git repository. The thing that I like most is that I can verify when a change was made. It makes debugging a lot easier.

Unfortunately, while Rancid supports Fortinet devices, it doesn’t work well with “VDOMs” (virtual domains), and there are problems when restoring the configuration. The issue is that when you execute “show full-configuration”, it doesn’t dump everything!

The one true way of getting the full configuration of Fortinet devices is via scp. It works quite well, and you might even say that it is superior to using an interactive SSH session to transfer the data.

I wrote a small script to make Rancid use scp to fetch the configuration from Fortinet devices. I now have complete and restorable backups of all our devices. If you want to do the same, have a look at the “fnrancid-scp” script in this GitHub repository, which also contains install instructions:

https://github.com/schweikert/fnrancid-scp
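
The scp approach described above, as an added example (not the fnrancid-scp script and not the author's code). It assumes SCP access is enabled on the device (`set admin-scp enable`), that the configuration is served under the remote name `sys_config`, and that ENC-encoded secrets may differ between two exports of an unchanged configuration; the function names, user, host and repository path are hypothetical.

```shell
#!/bin/sh
# Added example, not the fnrancid-scp script. Assumptions: SCP is enabled on
# the FortiGate ("set admin-scp enable" under "config system global"), the
# config is served under the remote name "sys_config", and key-based SSH
# authentication is set up. User, host and repository path are placeholders.

# Raw transfer, kept in its own function so it can be replaced when testing.
fetch_config() {    # usage: fetch_config USER@HOST DEST
    scp -q -o BatchMode=yes "$1:sys_config" "$2"
}

# Reject empty or truncated transfers. Assumed file layout: first line is a
# "#config-version=" header, followed by at least one "config ..." block.
validate_config() { # usage: validate_config FILE
    [ -s "$1" ] || return 1
    head -n 1 "$1" | grep -q '^#config-version=' || return 1
    grep -q '^config ' "$1"
}

# Comparison form only: drop "#" header lines and mask ENC-encoded secrets,
# which are assumed to differ between exports of an unchanged configuration.
normalize_config() { # usage: normalize_config FILE
    sed -E -e '/^#/d' -e 's/( ENC) .*/\1 <masked>/' "$1"
}

# Store the raw (restorable) file only when the normalized form changed.
# Returns 0 = stored copy updated, 1 = fetch/validation failed, 2 = unchanged.
update_backup() {   # usage: update_backup USER@HOST REPO_DIR
    ub_name=${1#*@}
    ub_tmp=$(mktemp "$2/.$ub_name.XXXXXX") || return 1   # created mode 0600
    if ! fetch_config "$1" "$ub_tmp" || ! validate_config "$ub_tmp"; then
        rm -f "$ub_tmp"; return 1
    fi
    if [ -f "$2/$ub_name" ] &&
       [ "$(normalize_config "$ub_tmp")" = "$(normalize_config "$2/$ub_name")" ]; then
        rm -f "$ub_tmp"; return 2
    fi
    mv -f "$ub_tmp" "$2/$ub_name"
}

# Commit after a real change, so "git log" and "git blame" stay meaningful.
backup_device() {   # usage: backup_device USER@HOST REPO_DIR
    update_backup "$1" "$2" || return
    git -C "$2" add -- "${1#*@}" &&
        git -C "$2" commit -q -m "config change on ${1#*@}"
}
```

The stored file is the unmodified export, so it stays restorable; because it contains credential material, the repository needs the same access restrictions as the devices themselves.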

How nice to be able to do ‘git diff’ and ‘git blame’!


David Schweikert

Cloud infrastructure enthusiast, open source developer, technical solution engineer at Google