FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Sabk_FTNT
Staff
Staff
Article Id 195935

Description

 

This article explains how to revert a FortiGate to a stored revision, including reverting to the previous configuration of policies using FortiManager.

 

Scope

 

FortiManager, FortiGate

 

Solution

 

The FortiManager stores revision history for each managed FortiGate. The revision history database is updated on configuration changes and policy package installation. This database can be used to revert a FortiGate unit to a previous configuration and previous version of policy packages.

 

  1. Access the Revision History from Device Manager > Device & Groups > Managed FortiGate > Select the FortiGate > Dashboard: Summary > Under Configuration and Installation widget > Select the icon besides Total Revision:

1.png

 

This shows all the available revisions (the current active revision is with a green check mark, in this case, #22):
 
2.png

 

  1. Select any revision (for example #20) then select More then select Revert:

3.png

 

 
  1. The selected revision is loaded in a device-level database and is shown as 'Revision Revert' and a green check mark appears beside the revision number.

4.png

 


At this stage, the policy package has NOT been updated. 
If an 'Install' is done at this stage, system-level config will correspond to the reverted config (ID #20), but the policy packages will still correspond to ID #22.
 
  1. To update the policy packages with policies and objects as they are in the reverted revision, it s necessary to Import Configuration under Device Manager -> Device & Groups -> Managed FortiGate, select a FortiGate (or VDOM) and select Import Configuration. Refer to: Importing policies and objects.

5.png

 

Note:

Policy packages are imported from the FortiManager device level database, not from the FortiGate unit > Sequence of operations for installation to managed devices.


  1. Install - After policy packages for all VDOMs have been imported, the reverted configuration can be installed to the FortiGate under Device Manager -> Device & Groups -> Managed FortiGate -> Install Wizard -> Install Policy Package & Device Settings. Make sure to correctly select the policy package as imported from the reverted configuration at step 4.
 
6.png

 


Note:
Make sure to check the Install Preview to check what config FortiManager is pushing to the FortiGate. Repeat the process for each VDOM.

 


Diagram:

 

Related srticle:

Technical Tip: Configuration import from the device to the ADOM DB/Policy & Objects