Here is a small guide to backup Fortigate config with SCP
Using the Web-based manager:
Go to System > Admin > Settings.
Make sure SCP is enabled
Go to System > Network > Interface.
Select the Edit icon for the interface you use for administrative access.
In the Administrative Access section, select the SSH check box.
Create a public-private key pair using a key generator tool compatible with your SCP client.
root@linux:~# ssh-keygen -t rsa -b 2048 -f /tmp/fw-001
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /tmp/fw-001.
Your public key has been saved in /tmp/fw-001.pub.
Save the private key to the location on your computer where your SSH private keys are stored.
root@linux:~# mv /tmp/fw-001.pub /etc/
root@linux:~# mv /tmp/fw-001 /etc/fw-001.sec
Connect to the fortigate using SSH.
root@linux:~# ssh email@example.com
config system admin
set ssh-public-key1 “[paste content from /etc/fw-001.pub]”
And you are done! 🙂
To trigger the copy, run the following command from bash.
root@linux:~# scp -i /etc/fw-001.sec firstname.lastname@example.org:sys_config /backup/fw-001.fg.bin
scp -P 50000 -i /home/FG/fw-001.sec email@example.com:sys_config /home/FG/fw-001.conf