系统动作

2025/10/29大约 3 分钟

系统动作

简介

系统动作针对 FortiGate 包含备份配置（到 Flash）、重新启动和关机。

即使 FortiGate 处于内存保护模式，系统动作也能完成，自动化流程会自动绕过 CLI 命令确认提示（手动在 CLI 脚本执行这些操作时需要确认执行）。

CLI 配置

3 种系统动作的配置已经内置在 FortiGate 默认配置中。

config system automation-action
    edit "Backup Config Disk"
        set action-type system-actions
        set system-action backup-config
    next
    edit "Reboot FortiGate"
        set action-type system-actions
        set system-action reboot
    next
    edit "Shutdown FortiGate"
        set action-type system-actions
        set system-action shutdown
    next
end

网络需求

当 FortiGate 进入内存保护模式时，自动备份配置文件到 Flash，随后重启设备。

配置步骤

配置设备进入保护模式后自动备份配置并重启。在 Security Fabric → 自动化中新建自动化工作流，触发条件新建并选择系统分类中的保护模式。
添加第一个动作为预置的 Backup Config Disk，第二个动作为 Reboot FortiGate，中间添加 60s 的间隔，然后下发该工作流配置。

相关 CLI 如下，配置了 Reboot 动作的最小间隔为 300s，防止频繁重启。

config system automation-trigger
    edit "Enter_Conserve_Mode"
        set event-type low-memory
    next
end

config system automation-action
    edit "Reboot FortiGate"
        set action-type system-actions
        set system-action reboot
        set minimum-interval 300
    next
    edit "Backup Config Disk"
        set action-type system-actions
        set system-action backup-config
    next
end

config system automation-stitch
    edit "Auto_Backup_and_Reboot"
        set trigger "Enter_Conserve_Mode"
        config actions
            edit 1
                set action "Backup Config Disk"
                set required enable
            next
            edit 2
                set action "Reboot FortiGate"
                set delay 60
                set required enable
            next
        end
    next
end

配置验证

触发 FortiGate 进入内存保护模式。

FortiGate # diagnose hardware sysinfo conserve
memory conserve mode:                        on
total RAM:                                         1465 MB
memory used:                                       1293 MB   88% of total RAM
memory freeable:                                    150 MB   10% of total RAM
memory used + freeable threshold extreme:          1392 MB   95% of total RAM
memory used threshold red:                         1289 MB   88% of total RAM
memory used threshold green:                       1201 MB   82% of total RAM

查看 autod 进程的 debug 信息，可以看到 FortiGate 进入保护模式后，触发了配置的 Trigger，自动执行配置备份到 Flash Disk，60s 后重启设备。

FortiGate # diagnose debug application autod -1 
......
__dump_action_msg()-26: System will backup config, msg: Autod backup config by stitch: Auto_Backup_and_Reboot
......
__dump_action_msg()-26: System will reboot, msg: Autod reboot by stitch: Auto_Backup_and_Reboot

查看自动化触发的系统日志。

查看自动备份的配置文件。

FortiGate # execute revision list config
Last Firmware Version: V0.0.0-build000-REL0

ID  TIME                   ADMIN             FIRMWARE VERSION           COMMENT
6   2023-07-03 15:36:44    daemon_admin      V7.2.5-build1517-REL0      Autod backup config by stitch: Auto_Backup_and_Reboot

查看该自动化流程的的配置和触发统计（使用 2 可以看统计和配置）。

FortiGate # diagnose test application autod 3
stitch: Auto_Backup_and_Reboot 
        local hit: 3 relayed to: 0 relayed from: 0
        last trigger:Mon Jul  3 15:58:03 2023
        last relay:
        actions:
                Backup Config Disk:
                        done: 3 relayed to: 0 relayed from: 0
                        last trigger:Mon Jul  3 15:57:03 2023
                        last relay:
                Reboot FortiGate:
                        done: 3 relayed to: 0 relayed from: 0
                        last trigger:Mon Jul  3 15:57:03 2023
                        last relay:

在 HA 环境下，自动化中备份配置的动作是不会同步的，只有触发了自动化的那台设备会备份配置到 Flash Disk。

FortiGate1 # execute revision list config
Last Firmware Version: V0.0.0-build000-REL0
ID  TIME                   ADMIN             FIRMWARE VERSION           COMMENT
6   2023-07-03 15:36:44    daemon_admin      V7.2.5-build1517-REL0      Autod backup config by stitch: Auto_Backup_and_Reboot

FortiGate2 # execute revision list config
Last Firmware Version: V0.0.0-build000-REL0