FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
HatiUjja
Staff
Article Id 368372
Description

This article describes the configuration differences between the ADOM policy package database and the Device Database when configuration changes are made directly on the FortiGate.
Scope

FortiManager.

Solution

In the example below, a new RADIUS server configuration, 'New_Radius', is created directly on the FortiGate.

The configuration is retrieved by FortiManager (through auto-update or a manual retrieve) and can be seen under the Device Database / revision history, but it is not automatically updated in the FortiManager ADOM database.

Screenshot: Radius_Retrieved_Auto_Update.png

To view the configuration of the RADIUS object in the ADOM policy package database and in the Device Database, use the following CLI commands.

 

This command will show the object configuration in the Device Database:

 

execute fmpolicy print-device-object <adom> <device> <vdom> <category> <all/list> 

 

This command will show the object configuration in the ADOM Database:

 

execute fmpolicy print-adom-object <adom> <category> <all/list> 

 

Example:

 

execute fmpolicy print-device-object 3 261 3 145 all

 

config user radius
    edit "New_radius"
        set server "1.1.1.1"
        set secret ********
    next

    edit "Radius_Server"
        set server "10.5.61.67"
        set secret ********
    next

end

Screenshot: Radius_Device_level_setting_updated_after_retrieve.png

execute fmpolicy print-adom-object 3 145 all


config user radius
    edit "Radius_Server"
        set server "10.5.61.67"
        set secret ********
        set _scope "baryon-tam-kvm62"-"root"
    next
end

Screenshot: ADOM_not_updated_after_retrieve.png

As shown in the outputs and screenshots above, the Device Database contains both the existing 'Radius_Server' configuration and the new 'New_Radius' server configuration. However, the ADOM database does not include the 'New_Radius' configuration.
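Comparing the two printouts by eye works for one object, but a practitioner auditing an ADOM for drift usually wants to diff whole tables. The following is an added example, not Fortinet code and not part of the original article: it parses the 'config ... edit ... set ... next ... end' layout produced by the two execute fmpolicy commands above and reports objects that exist in the Device Database but not in the ADOM database (and vice versa). The sample outputs embedded in the script are constructed to mirror the article's RADIUS example; in practice, paste in the output of print-device-object and print-adom-object captured from the FortiManager CLI.

```python
"""Report drift between a FortiGate object table as printed by
'execute fmpolicy print-device-object' (Device Database) and
'execute fmpolicy print-adom-object' (ADOM database).

Added example, not Fortinet code. It assumes both printouts use the
'config ... edit "<name>" ... set <key> <value> ... next ... end'
layout shown in the article.
"""
import re
from typing import Dict

# Constructed sample outputs modelled on the article's 'config user radius' example.
DEVICE_DB_OUTPUT = """\
config user radius
    edit "New_Radius"
        set server "1.1.1.1"
        set secret ********
    next
    edit "Radius_Server"
        set server "10.5.61.67"
        set secret ********
    next
end
"""

ADOM_DB_OUTPUT = """\
config user radius
    edit "Radius_Server"
        set server "10.5.61.67"
        set secret ********
        set _scope "baryon-tam-kvm62"-"root"
    next
end
"""

# ADOM-only bookkeeping attributes that never appear in the Device Database.
IGNORED_KEYS = {"_scope"}
# Secrets are masked in the printout, so they cannot be compared meaningfully.
MASKED = "********"

_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]+?)"?\s*$')
_SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*)$')


def parse_table(output: str) -> Dict[str, Dict[str, str]]:
    """Return {object_name: {attribute: value}} for one 'config ... end' table."""
    objects: Dict[str, Dict[str, str]] = {}
    current = None
    for line in output.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("config "):
            continue
        if stripped in ("next", "end"):
            current = None
            continue
        m = _EDIT_RE.match(line)
        if m:
            current = m.group(1)
            objects[current] = {}
            continue
        m = _SET_RE.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2).strip()
            if key in IGNORED_KEYS or value == MASKED:
                continue
            objects[current][key] = value.strip('"')
    return objects


def find_drift(device_output: str, adom_output: str) -> Dict[str, list]:
    """Classify objects as missing from the ADOM, missing from the device, or changed."""
    device = parse_table(device_output)
    adom = parse_table(adom_output)
    common = set(device) & set(adom)
    return {
        "missing_in_adom": sorted(set(device) - set(adom)),
        "missing_in_device": sorted(set(adom) - set(device)),
        "changed": sorted(name for name in common if device[name] != adom[name]),
    }


if __name__ == "__main__":
    report = find_drift(DEVICE_DB_OUTPUT, ADOM_DB_OUTPUT)
    for kind, names in report.items():
        print(f"{kind}: {', '.join(names) if names else '-'}")
```

Objects listed under missing_in_adom are exactly those that a policy package re-import is needed for; a non-empty changed list points at attributes that were edited on the FortiGate after the last import, which an install from the ADOM would silently overwrite.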

 

Re-import the policy package from the device, install it on the target device, and then verify the ADOM database configuration again.

 

execute fmpolicy print-adom-object 3 145 all


config user radius
    edit "New_Radius"
        set server "1.1.1.1"
        set secret ********
        set _scope "baryon-tam-kvm62"-"root"
    next

    edit "Radius_Server"
        set server "10.5.61.67"
        set secret ********
        set _scope "baryon-tam-kvm62"-"root"
    next

end

Screenshot: After_Reimport_Adom Database.png

As shown in the output above, the new RADIUS server has been retrieved from the Device Database, and the policy package is now in sync.

 

Note:

Re-importing the policy package from the device is a mandatory step whenever configuration changes are made directly on the FortiGate to any of the configuration types listed below.

  • Firewall Policies.
  • Addresses and Address Groups, VIPs, Services and Service Groups, IP Pools.
  • Security Profiles (Web filter, Application control, DNS filter, etc.).
  • Fabric and External connectors.
  • Users and Authentication.

For more useful commands, refer to the FortiManager CLI Reference.