Overview
Auvik supports retrieving full configuration backups from FortiOS devices using the REST API. This method provides a reliable way to capture device settings without requiring CLI access. If Auvik can retrieve a backup via API then it will prioritize that first.
Required API Permissions
To perform a configuration backup, the API user account on the Fortinet device must be assigned the correct permissions:
- System Configuration → Read/Write
- All other sections → Read
- REST API Access → must be Enabled
These permissions are controlled through the Administrator Profile assigned to the API user.
Example (from the Fortinet Admin UI):
- Security Fabric, FortiView, User & Device, Firewall, Log & Report, Network, Security Profile, VPN, WiFi & Switch → Read
- System → Read/Write
- Permit usage of CLI commands → optional (not required for API backup).
Setting API Permissions
Step 1: Log in to the Fortinet Web UI
- Navigate to the Fortinet web interface in your browser.
- Log in with an account that has Super_Admin privileges.
Step 2: Create or Edit an Administrator Profile
- Go to System > Admin > Profiles.
- Click Create New or edit an existing profile.
- In the profile configuration:
- Set System Configuration → Read/Write
- Set all other sections → Read
- Under REST API Access, ensure it is Enabled
- Click OK to save.
Step 3: Create an API User
- Go to System > Admin > Administrators.
- Click Create New.
- Set the following:
- Type: REST API Admin
- Administrator Profile: the profile created in Step 2
- Generate and securely store the API Key
- Save the new user.
API Call Details
Once the API user is configured, the collector can request a full configuration backup using:
- HTTP Method: POST
- Endpoint:
/api/v2/monitor/system/config/backup?scope=global
This call retrieves the full configuration backup from the Fortinet device.
Validating API Backups
When viewing the configuration backup, the API user will appear as the source instead of a CLI user.