FortiManager
singhl
Staff
Article Id 302427
Description This article describes how, by design, FortiManager consolidates consecutive auto-update revisions into one, so it is not possible to revert to a particular config.
Scope FortiManager, FortiGate.
Solution

Perform the following actions to get a separate revision for every session in which an admin makes config changes locally on FortiGate:

  • Disable Auto-Update on FortiManager (recommended, but not mandatory):

config system admin settings
    set auto-update disable
end

Disabling auto-update will keep the revision history clean, and FortiManager will only receive an update once the admin has completed the work and logged out of FortiGate.

  • Create an Automation Stitch on FortiGate:
  1. Create an action for the stitch: (Set the command that uploads the FortiGate config to FortiManager).

config system automation-action
    edit "cfg-upload"
        set action-type cli-script
        set script "diagnose fdsm cfg-upload fgt-change"
        set accprofile "super_admin"
    next
end

Note: 'fgt-change' is only a comment and can be set to any text.

2. Create a trigger for the stitch: (Define when the previously created action is triggered).

config system automation-trigger
    edit "Configuration Change"
        set description "An administrator's session that changed a FortiGate's configuration has ended."
        set event-type config-change
    next
end

3. Create the automation stitch:

config system automation-stitch
    edit "new"
        set trigger "Configuration Change"
        config actions
            edit 1
                set action "cfg-upload"
                set required enable
            next
        end
    next
end

When an admin makes changes locally on FortiGate and logs out of the session, a new config file is sent to FortiManager as a revision. It is still recommended to make all changes on FortiManager.
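The three steps above can be checked offline against a FortiGate configuration backup. The following Python script is an added example, not part of the original article or Fortinet tooling: it parses the config text and lists the stitches that connect a config-change trigger to a `diagnose fdsm cfg-upload` action. The function names and the embedded sample are assumptions built from the blocks in this article.

```python
import shlex

def parse_fortios(text):
    """Parse FortiOS CLI text into nested dicts (config -> edit -> set)."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):      # open a nested block
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()                       # close the current block
        elif tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
    return stack[0]

def upload_stitches(cfg):
    """Names of stitches that run a cfg-upload script on a config-change trigger."""
    triggers = cfg.get("system automation-trigger", {})
    actions = cfg.get("system automation-action", {})
    found = []
    for name, st in cfg.get("system automation-stitch", {}).items():
        on_change = triggers.get(st.get("trigger"), {}).get("event-type") == "config-change"
        acts = [actions.get(e.get("action"), {}) for e in st.get("actions", {}).values()]
        uploads = any(a.get("script", "").startswith("diagnose fdsm cfg-upload") for a in acts)
        if on_change and uploads:
            found.append(name)
    return found

# Constructed sample: the action, trigger and stitch from this article.
SAMPLE = """config system automation-action
    edit "cfg-upload"
        set action-type cli-script
        set script "diagnose fdsm cfg-upload fgt-change"
    next
end
config system automation-trigger
    edit "Configuration Change"
        set event-type config-change
    next
end
config system automation-stitch
    edit "new"
        set trigger "Configuration Change"
        config actions
            edit 1
                set action "cfg-upload"
            next
        end
    next
end"""
```

An empty result from `upload_stitches(parse_fortios(backup_text))` means no stitch completes the chain, for example because the stitch references an action name that does not exist.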
