FGFW-ND-000180 - The FortiGate device must conduct backups of system-level information contained in the information system when changes occur.


System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial of service condition is possible for all who utilize this critical network component.

This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Log in to the FortiGate GUI with Super-Admin privilege.

1. Open a CLI console, via SSH or available from the GUI.
2. Run the following command:
# config system global
# set revision-backup-on-logout enable
# end
3. Integrate FortiGate with FortiManager or the organization's central backup server using SSH to pull saved backups.

Note: All backups performed by super admin contain global setting and settings for any VDOMs.

See Also


Item Details


References: 800-53|CM-6b., 800-53|CP-9b., CAT|II, CCI|CCI-000366, CCI|CCI-000537, Rule-ID|SV-234195r916221_rule, STIG-ID|FGFW-ND-000180, Vuln-ID|V-234195

Plugin: FortiGate

Control ID: 625c649fa15b81d718392cc7ae6125bef8ad716b178a82260be389a14500e81e