With Forti-Manager it’s possible to automatically save a config-copy on every config change. However – If you don’t want to buy/operate/whatever a dedicated manager but still want the advantage off having a copy on every config-change that could also be accomplished with foritgates “automation stitches”.

The following config shows how this could be archived:

FORTIGATE-SHELL # show system automation-stitch Automated_Config_Backup
config system automation-stitch
    edit "Automated_Config_Backup"
        set description "Creates Backup of the Config on a detected change"
        set trigger "Config_change_detected"
        config actions
            edit 1
                set action "Execute_Config_Backup"
                set required enable
            next
        end
    next
end

FORTIGATE-SHELL # show system automation-trigger Config_change_detected
config system automation-trigger
    edit "Config_change_detected"
        set event-type event-log
        set logid 44546 44547
    next
end

FORTIGATE-SHELL # show system automation-action Execute_Config_Backup
config system automation-action
    edit "Execute_Config_Backup"
        set description "Creates a Backup of the current Config"
        set action-type cli-script
        set script "execute backup config sftp /path/on/sftp-server/backup_%%log.eventtime%%.conf <SFTP-SERVER> <USERNAME> <PASSWORD>
        set accprofile "super_admin"
    next
end

This stich will run the backup action every time an object attribute or attribute was configured and push the new config to the SFTP-server.,

On the server it will be named “backup_<TS_in_ns>.config”