FortiGate
jjahanshahi
Staff
Article Id 195801
Description

This article provides an example of how to configure FortiManager v5.0 in backup mode so that configuration revisions are automatically retrieved by the FortiManager whenever the FortiGate configuration changes.

Note: In FortiOS 5.0, when using backup mode and pointing the FortiGate to FortiManager, you must also use FortiManager for FortiGuard services. Starting in FortiOS 5.2, it is possible to use public FortiGuard servers.


Solution
FortiGate configuration:

Configure central management on the FortiGate using the CLI:

config system central-management
    set mode backup
    set fortimanager-fds-override enable
    set fmg "xxx.xxx.xxx.xxx"
end

Replace "xxx.xxx.xxx.xxx" with the FortiManager's IP address.
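To confirm from a saved configuration backup that a FortiGate carries the settings above, the following Python check parses the central-management block and reports deviations. It is an added example, not part of the original article or any Fortinet tooling; the sample config, the address 192.0.2.10, the function names and the `fortios_5_0` flag are constructed for illustration.

```python
# Constructed sample: excerpt of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = """\
config system global
    set hostname "FGT-LAB"
end
config system central-management
    set mode backup
    set fortimanager-fds-override enable
    set fmg "192.0.2.10"
end
"""

def parse_block(config_text, header):
    """Return {key: value} from the 'set' lines of one top-level block, or None if absent."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0 and line == header:
                inside = True
            depth += 1  # nested 'config' sub-tables raise the depth
        elif line == "end":
            depth -= 1
            if inside and depth == 0:
                return settings
        elif inside and depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return None

def audit_central_management(config_text, expected_fmg, fortios_5_0=True):
    """List deviations from the backup-mode settings shown in the article."""
    block = parse_block(config_text, "config system central-management")
    if block is None:
        return ["no central-management block found"]
    findings = []
    # Keys absent from the backup are treated as not set to the required value.
    if block.get("mode") != "backup":
        findings.append("mode is not backup")
    if block.get("fmg") != expected_fmg:
        findings.append("fmg does not point at the expected FortiManager")
    # Assumption of this example: the override is only required on FortiOS 5.0,
    # following the article's note about FortiGuard services.
    if fortios_5_0 and block.get("fortimanager-fds-override") != "enable":
        findings.append("fortimanager-fds-override is not enabled")
    return findings

if __name__ == "__main__":
    print(audit_central_management(SAMPLE_CONFIG, "192.0.2.10") or "OK")
```
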

FortiManager configuration:
  1. Set the type of the v5.0 ADOM to Backup (System Settings > All ADOMs > Edit the ADOM > Change Type > Backup).
  2. Add the FortiGate to the backup ADOM (v5.0).

Test Auto-Retrieve

1) Log in to the FortiGate and create a test object (firewall address).

Example:

config firewall address
    edit "FMG-Test"
        set subnet <xxx.xxx.xxx.xxx/subnet>
    next
end

2) Log out of the FortiGate.

3) On the FortiManager, check for a revision listed as "Auto-Retrieved" by FMG under:
Managed Devices > All FortiGate > FortiGate > Menu > Revision history

 

Useful Debugs for monitoring this process if you encounter problems:

On the FortiGate:

diagnose debug reset
diagnose debug application fgfm -1
diagnose debug console timestamp enable
diagnose debug enable

On the FMG:

diagnose debug application depmanager 255
diagnose debug enable

