Technical Tip: Bulk retrieve device configuration from managed devices

singhl · ‎10-24-2024

Description

This article describes how to retrieve configuration from multiple FortiGate devices by running a script. Script will create a temporary address object on FortiGate directly and subsequently trigger a retrieve of config. In next policy package install, the temporary object will be deleted, as it will not be in use.

Scope

FortiManager.

Solution

Create a CLI script in FortiManager and set option to run script on 'Remote FortiGate Directly (via CLI)'.
Example of the contents that can be used in the script:

config firewall address
    edit "Temp-Retrieve_address"
        set type fqdn
        set comment "Added to trigger Auto-update from FortiGate, this can be deleted"
        set fqdn "fmg_retrieve.fortimanager.net"
    next
end

Run this script on multiple FortiGate devices. It is recommended to run on maximum 200 devices at once to avoid any performance issues.
Once the script has been run successfully, a new revision will be created for the managed device.

Note: This method requires FortiManager to have auto-update enabled:

config system admin setting

set auto-update enable

end

Related articles:

Technical Tip: CLI Script behavior to run in FortiManager

Technical Tip: How to do bulk retrieve config in FortiManager using a script

Technical Tip: Bulk retrieve device configuration from managed devices

You are leaving our website