Description | This article describes that by design, FortiManager will consolidate the consecutive auto-update revisions into one and it is not possible to revert to a particular config. |
Scope | FortiManager, FortiGate. |
Solution |
It is possible to perform the following actions to have separate revisions for every session where the admin made config changes locally on FortiGate:
config system admin settings set auto-update disable end
Disabling auto-update will keep the revision history clean and FortiManager will only receive an update once the admin has completed the work and logged out from FortiGate
config system automation-action
Note: 'fgt-change' is just a comment and it is possible to set it as wanted.
2. Create a trigger for stitch: (Define when triggering the previously created action).
config system automation-trigger edit "Configuration Change" set description <----- An administrator\'s session that changed a FortiGate\'s configuration has ended. set event-type config-change next end
3. Create Automation stitch:
config system automation-stitch edit "new” set trigger "Configuration Change" config actions edit 1 set action "cfg-upload" set required enable next end next end
When an admin makes the changes locally on FortiGate and logs out from the session, a new config file will be sent to FortiManager as a revision but it is still recommended to make all changes on FortiManager. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.