Dan_Eng52
Explorer III
April 30, 2025
Question

FortiGate - Automation Stitches Not Working Downstream

  • April 30, 2025
  • 2 replies
  • 1888 views

Hi all,

I hope you're well.

Hopefully you can help me. I have Security Fabric running across multiple FortiGate firewalls, and I have noticed that we receive no alerts from triggered automation stitches on our downstream firewalls. At present, I have the set configuration-sync set to local, but I have seen documentation mentioning that this must be set to default.

    config system csf
        set status enable
        set uid "ed76b59ad28e4b088e9626a7f32dfc89"
        set group-name "<name>"
        set configuration-sync local
        set fabric-object-unification local
    end

My main concern is that I do not want to break anything. I want to keep the set fabric-object-unification local, as I do not want to synchronise firewall objects and addresses to downstream devices. I would only like the automation stitches to be handled by the root FortiGate and for the triggered automation stitches to alert accordingly.

Can anyone confirm that changing this to 'default' will only synchronize the configuration for FortiAnalyzer, FortiSandbox, and Central Management to the root FortiGate and will not make any configuration changes to firewall objects/addresses or anything else?

Many thanks,
Dan.

2 replies

apFortinet
Staff
April 30, 2025

Hi Dan,

- The `configuration-sync` setting controls the synchronization of certain configurations across the Security Fabric. Setting it to `default` will synchronize configurations related to FortiAnalyzer, FortiSandbox, and central management, but it should not affect firewall objects or addresses.

- Keeping `fabric-object-unification` set to `local` ensures that firewall objects and addresses are not synchronized to downstream devices. This setting is independent of the `configuration-sync` setting.

It seems to me that you are facing the situation which is explained in the following article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Security-Fabric-automation-stitch-not/ta-p/366479

Changing `configuration-sync` to `default` should resolve your issue.

Cheers,

Ankit

If you have found a solution, please like and accept it to make it easily accessible to others.
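
One way to check downstream devices for the setting discussed in this reply before and after the change, as an added example that is not part of the thread and is not Fortinet code: a small Python audit of the `config system csf` block in a configuration backup. The function names, the device name and the sample config are constructed for illustration, and the script assumes that an option missing from the backup is at its default value.

```python
# Constructed sample: excerpt of a downstream FortiGate configuration backup.
SAMPLE_DOWNSTREAM = """\
config system csf
    set status enable
    set configuration-sync local
    set fabric-object-unification local
    config trusted-list
        edit "FGT-EXAMPLE"
            set action accept
        next
    end
end
"""

def parse_csf(config_text):
    """Return the top-level 'set' options of the 'config system csf' block."""
    settings, depth, in_csf = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            in_csf = in_csf or (depth == 0 and line == "config system csf")
            depth += 1
        elif line == "end":
            depth -= 1
            if in_csf and depth == 0:
                break  # left the csf block, nothing more to read
        elif in_csf and depth == 1 and line.startswith("set "):
            # Only depth-1 options belong to csf itself, not to nested tables.
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip('"')
    return settings

def audit_csf(name, config_text):
    """Return (level, message) findings for one device's csf settings."""
    csf = parse_csf(config_text)
    if csf.get("status") != "enable":
        return [("INFO", f"{name}: Security Fabric is not enabled")]
    # Assumption: an option missing from the backup is at its default value.
    sync = csf.get("configuration-sync", "default")
    unify = csf.get("fabric-object-unification", "default")
    findings = []
    if sync == "local":
        findings.append(("WARN", f"{name}: configuration-sync is local; "
                         "the thread's fix for missing stitch alerts is default"))
    if unify != "local":
        findings.append(("INFO", f"{name}: fabric-object-unification is {unify}; "
                         "firewall objects can be synchronized from the root"))
    return findings

print(audit_csf("branch-fw-01", SAMPLE_DOWNSTREAM))
```

Running it over each downstream backup shows which devices still have `configuration-sync local` and confirms that `fabric-object-unification` stayed `local` after the change.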

Dan_Eng52 (Author)
Explorer III
May 6, 2025

Hi ap,

Thanks for that.

I was worried that it may have affected something else and caused issues. If this only changes configuration related to FortiAnalyzer, FortiSandbox and central management, I will give this option a try and see if this resolves things.

Many thanks,

Dan.