Skip to Content

Solved: How do I fix export FortiManager system file through TFTP not working?

This article describes about the issue where exporting FortiManager system file through TFTP is not working.

Scope

FortiManager 6.x, 7.x

Solution

Can be replicated in lab FortiManager version 7.0.4.

Tried to export a FortiManager system file using tftp through command:

# execute fmupdate tftp fds-export 00000000FAIM00100 tftptest1 <LAB TFTP Server IP>

There is no output from FortiManager CLI.

There is no output from FortiManager CLI.

Started packet capture on network > interface but do not see any packets being recorded. Even sniffer didn’t show any UDP packets.

Started packet capture on network > interface but do not see any packets being recorded. Even sniffer didn't show any UDP packets.

Started packet capture on network > interface but do not see any packets being recorded. Even sniffer didn't show any UDP packets.

Checked task monitor and found that task gets stuck at 5%.

Checked task monitor and found that task gets stuck at 5%.

Once the task is manually deleted from task monitor, below output from FortiManager CLI can be seen:

# execute fmupdate tftp fds-export 00000000FAIM00100 tftptest1 172.31.200.3

exporting '00000000FAIM00100', task(id=9546)...

__wait_task 143: no task with id 9546, r=-3

export '00000000FAIM00100' done
Start export file to TFTP Server...
##TFTP transfer is successful.
Backup successfully.

However, on TFTP server, there is 0KB file which gets created with no information.

However, on TFTP server, there is 0KB file which gets created with no information.

However, on TFTP server, there is 0KB file which gets created with no information.

Also once task is manually deleted, packets being captured can be seen. Attaching pcap file named testlab_tftp

=================================================================

TEST WITH FTP

Confirmed FTP works fine.

# execute fmupdate ftp fds-export 00000000FAIM00100 xyza 172.31.200.3 \Temp fortinet fortinet

exporting 'fds', task(id=9547)...
100%, task(id=9547,Object Export), done
export 'fds' done
Start sending file to FTP Server...
Transferred 0.559M of 0.559M in 0:00:00s (14.925M/s)
FTP transfer is successful.
Backup successfully.

Also, proper packet capture can be seen in this case. Attaching pcap named testlab_ftp.

Checked on FTP server and can see file xyza being created.

Checked on FTP server and can see file xyza being created.

The problem is resolved in 7.0.5 Firmware of FortiManager.

It is possible to export device stored FortiGuard signatures through TFTP as well as FTP. It is also explained in Release Notes for 7.0.5 firmware for FortiManager.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.