FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
dgrigoriciuc
Staff
Staff
Article Id 189612

Description

 

This article describes that the FortiManager backup has an abnormal size if it is over 400 MB and provides some guidelines for removing the backup size.
 
Scope
 
FortiManager, FortiGate.


Solution

 

If the file system is healthy and not affected by any unknown bugs then the large size is caused by the high number of ADOM revisions.
An ADOM revision is a full back of all objects and policies when a change is made or a revision is created manually. 
As such a backup is not incremental it will take more and more disk space with each revision.

In the current design, the FortiManager backup includes all these ADOM revisions potentially resulting in a very large backup file.
When the size is high the automatic or manual backup process can take long, can overuse the CPU, and the backup might be unusable.
Even if the backup file is correct it can take a long time to reload it, process it, or attach it to a support ticket.

The recommendation is to limit the number of ADOM revisions (the default is 120) and delete old revisions.

The CLI config to reduce the number of ADOM revisions and auto-delete old is given below:
 
config system global
    set adom-rev-max-backup-revisions 10
    set adom-rev-auto-delete by-revisions
end
 
The auto-delete process can also be disabled and revisions can be kept based on creation time (For example: the last 30 days).

The old revisions are automatically deleted when a new one is created or can be manually deleted in GUI as described in the Administration Guide which is available in the Fortinet Document Library.
 
It is also possible to reduce the number of adom-rev-max-backup-revisions (default is 5):
The 'adom-rev-max-backup-revisions' setting in FortiManager determines the maximum number of ADOM revisions to be included in the system configuration backup.
This setting is important because it allows control of the number of revisions stored in the backup, helping to manage the size of the configuration backups effectively. By limiting the number of backup revisions, it is possible to optimize storage space and ensure that only a specified number of revisions are retained for each ADOM.
 
config system global
    set adom-rev-max-backup-revisions 3
end
 
Related article: