Purpose
The FortiManager software stores revision history for each managed FortiGate unit.
The revision history database is updated on configuration changes and policy package installation.
This database can be used to revert a FortiGate unit to a previous configuration and previous version of policy packages.
Expectations, Requirements
Configuration
Verification
Check Preview to make sure changes are as expected:
Diagram:
The FortiManager software stores revision history for each managed FortiGate unit.
The revision history database is updated on configuration changes and policy package installation.
This database can be used to revert a FortiGate unit to a previous configuration and previous version of policy packages.
This KB article explains how to revert a FortiGate unit back to a stored revision, including reverting to the previous configuration of policies.
Screenshots are taken from FortiManager 4.3 but the terminology and steps are still valid up to and including FortiManager 6.0.
Expectations, Requirements
At least 2 FortiGate configurations, stored in revision history.
Configuration
1. Access the Revision History database from device dashboard:
2. Click on Revert icon that correspond to the revision you want to revert to:
3. The selected revision is loaded in a device level database, and is shown as "reverted":
At this stage, the policy package has NOT been updated.
If an "Install" is done, the global level parameters will correspond to the reverted config (ID 7), but the policy packages will still correspond to ID 9.
At this stage, the policy package has NOT been updated.
If an "Install" is done, the global level parameters will correspond to the reverted config (ID 7), but the policy packages will still correspond to ID 9.
4. To update the policy packages with policies and objects as they are in the reverted revision, it's necessary to import the policy packages for each VDOM:
Note, that policy packages are imported from the FortiManager device level database, not from the FortiGate unit.
On import, new policy packages are created.
Note, that policy packages are imported from the FortiManager device level database, not from the FortiGate unit.
On import, new policy packages are created.
5. Install - After policy packages for all VDOMs have been imported, the reverted configuration can be installed to the FortiGate unit:
Make sure you correctly select policy package as imported from the reverted configuration at step 4:
Repeat for each VDOM.
Make sure you correctly select policy package as imported from the reverted configuration at step 4:
Repeat for each VDOM.
Verification
Check Preview to make sure changes are as expected:
Diagram:
