Skip to main content
fcb
fcb
Visitor III
February 4, 2022
Question

Sync changes from Gate back to Manager

  • February 4, 2022
  • 4 replies
  • 3417 views

So I imported our Edge Fortigate's into Manager about two months ago and have been steadily setting up the Normalized Interfaces, Per-Device Mappings, etc. that I will need on Manager to administer four 500e's

 

The problem is that I've been lazy and have made many changes on the Fortigate's themselves (not using Manager) since this initial import and now am unsure of what might get "overwritten" once I push my first deployment package back to the gates. If I re-import the "live" configs back into FortiManager it'll overwrite all of the work I've done in there with all the dynamic objects, rules, interfaces so what is my best path forward here? Bite the bullet and just re-import everything from the live Gates back into Manager and start over? I hope not!

4 replies

A
Anonymous_User
Contributor
March 1, 2022

Hello @fcb ,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
March 1, 2022

Sounds like you have one policy package managing your four FGTs in one ADOM. What are the current Config Status and Policy Package Status for each FGT? "Auto-update" and "Out of Sync" with a red-X?

 

Toshi

Debbie_FTNT
Staff & Editor
Debbie_FTNT
Staff & Editor
March 1, 2022

You could start the Installation Wizard and then have a look at the installation preview to see what changes FortiManager would undo, and if you can live with those or not.
You could also manually recreate the additional changes you made on FortiGate in FortiManager, and only then install; that might cause FortiManager to delete the existing FortiGate config, but it should then reconfigure it essentially the same - if you recreated the exact same configuration as policy package.

sw2090
SuperUser
sw2090
SuperUser
May 3, 2022

Also Policies during adding a FGT to FMG are always imported to a new policy package so it does not overwrite anything in other policy packages. The device config hits the only the newly added FGT anyways.

As long as you do not deploy any different policy package to that FGT after adding with FMG also nothing on the FGT will be overwritten.

Terms & ConditionsAccessibility statement