Remote backup issue

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Remote backup issue

L1 Bithead

I am trying to backup the config from a remote backup server. The backup file is generating but no config showing in the file. Instead when I open the xml file, I can see this    " <?xml version="1.0"?>  -<response code="403" status="error">  -<result>  <msg>Type [export] not authorized for user role.</msg> "


The steps I did is; 


I took the API key using the command - https://<IP Address>/api/?type=keygen&user=<username>&password=<password>


I am running the below command from a linux OS;


curl -kG --tlsv1.2 "https://IP Address/api/?type=export&category=configuration&key=API KEY" > /home/sftpusers/home/sftponly/firewall_backups/running-config.xml




L4 Transporter

the reason stated at the file output: "not authorized for user role".

admin role account should be able to export Config from firewall, admin account type should be "dynamic". 

after changing the role backup should work.

This user has admin privileges. The authentication type is RSA with static password. When the user logins it will get assigned with Super User role. Please let me know if any specific config to be done.

when you enter the Link "https://IP Address/api/?type=export&category=configuration&key=API KEY" in a brower " where access to the Firewall Management ist allowed" do you see the Firewall-config data?

No I am getting the below response.


<response status="error" code="403">
<msg>Type [export] not authorized for user role.</msg>

the Account simply does not have permission to export Configurations.

you need to create Admin-Account with role type "Dynamic" and Administrator Permission.

Then Generate API-Key with it.



I have created user called "backup" and type is "dynamic" and role "Superuser (read-only)"


But the actual backup user is "GS0C@backup". This user is defined in Radius.


Let me tell you the issue, I am able to login with GS0C@backup in GUI and I have full rights. But when I do an API call it says "not authorized"

Not sure if you ever got your answer, but I think it is related to the Admin Roles, then pick the profile and the tab for XML/Rest API and most likely give readonly to the configuration.





Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!