Description

This article describes the issue where DNS configuration changes pushed from FortiManager fail to apply on the FortiGate, how to identify the cause, and implement the appropriate fix.

Scope

FortiGate, FortiManager.

Solution

Current DNS config on the FortiGate:

To change the DNS config from FortiManager, go to Device Manager -> Device & Groups -> CLI Configuration -> System -> DNS.

Note:
Make sure CLI Configurations is enabled under Feature Visibility

However, during the install attempt, FortiManager shows that there are no pending changes for the FortiGate.

The installation shows as completed:

After the installation is finished, the DNS configuration is reverted to the previous settings.

Verify whether a system template is already assigned to the device, and check if DNS is enabled within that system template.

Go to Provisioning Templates -> System Templates. The default system template is assigned to the device 'Hansolo-kvm08', and the DNS is enabled in that template.

To fix the issue, either unassign the system template to the device or disable the DNS setting under the system template(default). The DNS config can be directly changed on the system template and can be pushed to the device.

Changing the DNS configuration directly on the system template shows the changes in the installation preview.

The FortiGate DNS settings reflect the updated configuration.

Go back to the Device Manager -> Device & Groups -> CLI Configuration -> System -> DNS. Even here, the DNS gets auto-updated.