Description

 

This article describes how to delete firmware templates profile which is not showing in FortiManager GUI but works schedule. It may sometimes related to previous issue that FortiManager fwm db and device did not sync.

 

Scope

 

FortiManager 7.2.x - 7.4.x.

 

Solution

 

There are no visible firmware templates in the FortiManager GUI, but because of the template profile cache, it could work on a schedule.

 

Firmware Templates from the GUI:

 

 

Firmware Templates and profile cache from the CLI:

 

Run the command to get a list of template profiles:

 

diagnose fwmanager profile list

 

fwm profile files in adom root(3):

adom3_Fortigate_zentral:

{

 "adom_oid": 3,

 "data": {

  "checksum": "1717536346-440850460",

  "description": null,

  "enforced version": [

   {

    "flags": 0,

    "platform": "FGT-Default",

    "product": 1,

    "upgrade-path": 1,

    "version": "7.2.8-b1639"

   }

  ],

  "image-source": 0,

  "schedule-day": 1,

  "schedule-end-time": "03:00",

  "schedule-start-time": "00:00",

  "schedule-type": 4

 },

 "name": "Fortigate_zentral",

 "oid": 5539,

 "scope member": [

  {

   "oid": 198,

   "vdom_oid": 3

  },

  {

   "oid": 165,

   "vdom_oid": 3

  }

 ]

}

adom335_fortiwifi649:

{

 "adom_oid": 335,

 "data": {

  "checksum": "1663072898-1682363814",

  "description": null,

  "enforced version": [

   {

    "flags": 0,

    "platform": "FortiWiFi-61E",

    "product": 1,

    "upgrade-path": 1,

    "version": "6.4.9-b1966"

   }

  ],

  "image-source": 1,

  "schedule-day": 0,

  "schedule-end-time": null,

  "schedule-start-time": null,

  "schedule-type": 0

 },

 "name": "fortiwifi649",

 "oid": 4162

}

adom3_Fortigate_dezentral:

{

 "adom_oid": 3,

 "data": {

  "checksum": "1717536358-1361879211",

  "description": null,

  "enforced version": [

   {

    "flags": 0,

    "platform": "FGT-Default",

    "product": 1,

    "upgrade-path": 1,

    "version": "7.2.8-b1639"

   }

  ],

  "image-source": 0,

  "schedule-day": 126,

  "schedule-end-time": "03:00",

  "schedule-start-time": "00:00",

  "schedule-type": 4

 },

 "name": "Fortigate_dezentral",

 "oid": 5543,

 "scope member": [

  {

   "oid": 333

  }

 ]

}

adom3_Fortigate2600:

{

 "adom_oid": 3,

 "data": {

  "checksum": "1729083778-0220913712",

  "description": null,

  "enforced version": [

   {

    "flags": 0,

    "platform": "FGT-Default",

    "product": 1,

    "upgrade-path": 0,

    "version": "7.2.10-b1706"

   }

  ],

  "image-source": 0,

  "schedule-day": 8,

  "schedule-end-time": "16:00",

  "schedule-start-time": "15:00",

  "schedule-type": 4

 },

 "name": "Fortigate2600",

 "oid": 5690,

 "scope member": [

  {

   "oid": 1253,

   "vdom_oid": 3

  }

 ]

}

 

There is one more Firmware template profile cache in the CLI and not seen in the GUI as a Template: adom3_Fortigate2600.

Because of the profile cache, it (adom3_Fortigate2600) works every week from 15:00 to 16:00 and tries to install FortiOS 7.2.10-b1706 to the assigned platform(s). It may downgrade or upgrade the platform(s) depending on the FortiOS version.

 

The diagnose fwmanager profile command has 5 options. For more information, see fwmanager - FortiManager 7.4.0 CLI reference.

 

To delete the firmware profile cache, run the following command:

 

diagnose fwmanager profile clear

 

After clearing the profile cache, there will not be any template profiles cached in the FortiManager CLI:

 

diagnose fwmanager profile list

 

• fwm profile files in adom root(3):
• fwm profile files in adom FortiCarrier(104):

 

Now, the adom3_Fortigate2600 templates profile cache will not work anymore.