FortiManager
singhl
Staff
Article Id 352295
Description This article describes how to retrieve the configuration from multiple FortiGate devices by running a script. The script creates a temporary address object directly on the FortiGate, which subsequently triggers a retrieve of the configuration. In the next policy package install, the temporary object will be deleted, as it will not be in use.
Scope FortiManager.
Solution
  1. Create a CLI script in FortiManager and set the option to run the script on 'Remote FortiGate Directly (via CLI)'.

  2. Example of the contents that can be used in the script:

config firewall address
    edit "Temp-Retrieve_address"
        set type fqdn
        set comment "Added to trigger Auto-update from FortiGate, this can be deleted"
        set fqdn "fmg_retrieve.fortimanager.net"
    next
end

  3. Run this script on multiple FortiGate devices. It is recommended to run it on a maximum of 200 devices at once to avoid any performance issues.

  4. Once the script has been run successfully, a new revision will be created for the managed device.

Note: This method requires FortiManager to have auto-update enabled:

config system admin setting
    set auto-update enable
end
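
The Description says the temporary object is removed at the next policy package install because it is not in use. The following added example (not part of the original article or any Fortinet tooling) checks a retrieved configuration for a leftover "Temp-Retrieve_address" object and for anything that references it. The function name, the simplified line-based parsing and the sample configuration are assumptions made for illustration.

```python
TEMP_NAME = "Temp-Retrieve_address"  # object name created by the script on this page

# Constructed sample of a retrieved FortiGate configuration (not from a real device).
SAMPLE_CONFIG = """\
config firewall address
    edit "LAN-Net"
        set subnet 10.0.0.0 255.255.255.0
    next
    edit "Temp-Retrieve_address"
        set type fqdn
        set fqdn "fmg_retrieve.fortimanager.net"
    next
end
config firewall policy
    edit 1
        set srcaddr "LAN-Net"
        set dstaddr "all"
    next
end
"""


def audit_temp_object(config_text, name=TEMP_NAME):
    """Return (defined, references) for the temporary address object.

    defined    -- True if 'config firewall address' still contains the object
    references -- (section, entry) pairs whose 'set' lines name the object
    """
    depth, section, entry = 0, None, None
    defined, references = False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:                      # only top-level sections are tracked
                section = line[len("config "):]
            depth += 1
        elif line == "end":
            depth -= 1
        elif line.startswith("edit ") and depth == 1:
            entry = line[len("edit "):].strip('"')
            if section == "firewall address" and entry == name:
                defined = True
        elif line == "next" and depth == 1:
            entry = None
        elif line.startswith("set ") and f'"{name}"' in line:
            references.append((section, entry))  # object is in use, so it would not be purged
    return defined, references


if __name__ == "__main__":
    print(audit_temp_object(SAMPLE_CONFIG))
```

A result of `(True, [])` means the object is present but unused, which is the state expected right after the script runs; a non-empty reference list means something now depends on the object and it should be reviewed before assuming the next install will delete it.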