Created on 11-30-2023 09:33 PM
Edited on 10-26-2024 06:56 AM
By Stephen_G
Description
This article describes how to use a script to make one or more FortiGates upload their configuration to FortiManager. The script can be run on multiple FortiGates at the same time to achieve bulk retrieval.
A bulk retrieve for all FortiGates might only be needed if there is a major disconnection of all FortiGates from FortiManager and changes are made locally to firewalls that need to be synced back to FortiManager.
Warning:
Depending on the number of FortiGates, this process might cause high bandwidth consumption and performance issues.
After retrieving the configuration, the policy package will change status to unknown.
To avoid performance issues, it is recommended to run the script on a maximum of 200 devices at the same time.
Scope
FortiManager.
Solution
- Create a script in FortiManager -> Device Manager -> Scripts -> Create New.
- Type: CLI Script.
- Run script on: Remote FortiGate Directly (via CLI):
diagnose fdsm cfg-upload 'comment' <----- Any comment can be set, it will be used to identify the retrieve in the revision history.
- Select OK to save.
Note:
For FortiGates with VDOMs enabled, the script should be modified to this:
config global
diagnose fdsm cfg-upload 'comment'
- Running the script on all FortiGates:
- Select the FortiGates and select the right arrow:
- Select Run:
- Select OK:
- The script will start running:
- Go to Device Manager and the configuration status of FortiGates should show synchronized. If any FortiGate is not showing synchronized, 'right-click' on the device and select 'Refresh Device'.
- In the Total Revisions for each FortiGate, there will be a 'Retrieve' entry with the 'comment' in the comments section.
Note 1:
Script Status/logs can also be checked from: System Settings -> Task Monitor:
Note 2:
Bulk retrieval can also be done by selecting the notification icon on the top, but it only works if the devices are either in a 'conflict' or 'out-of-sync' state.
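The following planner is an added example, not part of the original article and not Fortinet code. It splits a device inventory into runs that respect the 200-device recommendation and selects the VDOM or non-VDOM script text shown above. The function names, the inventory format, and the comment validation rule are assumptions made for illustration.

```python
from collections import defaultdict

MAX_PER_RUN = 200  # the article's recommended ceiling for simultaneous runs


def script_body(comment, vdom_enabled):
    """Return the CLI script text from the article for one class of device."""
    # Assumption: reject quotes and newlines so the comment cannot break out
    # of the single-quoted argument or add extra CLI lines to the script.
    if not comment or any(c in comment for c in "'\"\r\n"):
        raise ValueError("comment must be non-empty, without quotes or newlines")
    cmd = f"diagnose fdsm cfg-upload '{comment}'"
    return f"config global\n{cmd}" if vdom_enabled else cmd


def plan_runs(devices, comment, max_per_run=MAX_PER_RUN):
    """Group devices by script variant, then split into runs of <= max_per_run.

    devices: iterable of (name, vdom_enabled) tuples (hypothetical format).
    Returns a list of dicts: {"script": str, "devices": [names]}.
    """
    groups = defaultdict(list)
    seen = set()
    for name, vdom_enabled in devices:
        if name in seen:  # ignore duplicate inventory entries
            continue
        seen.add(name)
        groups[bool(vdom_enabled)].append(name)
    runs = []
    for vdom_enabled in (False, True):
        names = sorted(groups[vdom_enabled])
        if not names:
            continue
        body = script_body(comment, vdom_enabled)
        for i in range(0, len(names), max_per_run):
            runs.append({"script": body, "devices": names[i:i + max_per_run]})
    return runs


if __name__ == "__main__":
    # Constructed inventory: 450 devices without VDOMs, 30 with VDOMs.
    inventory = [(f"fgt-{n:03d}", False) for n in range(450)]
    inventory += [(f"fgt-vdom-{n:02d}", True) for n in range(30)]
    for n, run in enumerate(plan_runs(inventory, "bulk-resync"), 1):
        print(f"run {n}: {len(run['devices'])} devices -> {run['script']!r}")
```

Each planned run corresponds to one pass through the "Select the FortiGates ... Select Run" steps, using the script variant listed for that run.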