Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff
Staff

Created on ‎07-31-2023 11:43 PM Edited on ‎04-29-2024 10:06 PM By Community Manager

Article Id 266854

Troubleshooting Tip: FortiManager shows No Preview in Install Preview when trying to install changes to FortiGate

Description

This article describes how to troubleshoot when device manager (device database) changes do not show up in the install preview.
Scope

FortiManager.
Solution
  • Verify if there are provisioning templates assigned to a device with different config because provisioning templates takes precedence over device database.
  • The FortiSwitch Manager and AP Manager templates also take precedence over the changes made in device manager, therefore, changes related to VLANs and AP Profiles should be made under the FortiSwitch templates and AP Manager.
  • Within the provisioning templates, the CLI Template has the highest precedence.

 

The issue is illustrated below with an example of changing interface IP:

 

  1. In order to simulate the scenario where FortiManager shows No Preview in Install Preview when trying to install changes to FortiGate, the user will first create a test CLI template with the script details as below sample and assign it to the FortiGate.

 

config system interface

    edit port5

        set ip 5.5.5.5/24

end

 cli_template.png

 

  1. When going through the Installation Wizard, the user will be able to see the intended changes in the Install Preview. Users will be able to view the installation logs once the installation goes through successfully.

     cli_template_install.png

     

    cli_template_install_complete.png

     

    cli_template_install_log.png

     

     

  2. With the existing CLI template still assigned to the same FortiGate, the user will attempt to make a change on the FortiGate device database pertaining to the same port5 interface IP.

     

    Original port5 interface IP = 5.5.5.5/24

    Updated port5 interface IP = 50.50.50.50/24

     

    devicedb_change.png

     

  3. Once the changes are saved in the FortiGate device database, the user will notice there is a 'No preview' in the Install Preview when going through the Install Wizard. Upon successful installation, the install log shows 'No commands to be installed'.


    no_preview.png

     

    install_log.png

     

     

  4. The reason for this occurrence where FortiManager does not detect any changes to be installed into the FortiGate is that there is an existing CLI template that is still assigned to the FortiGate device.
    If a template is assigned to the FortiGate device, any changes that are made to the FortiGate device database under FortiManager Device Manager will not take effect since the configuration within a template takes priority over configuration changes made in the FortiGate device database. 

 

To demonstrate this, the user will now attempt to change the same changes (update port5 interface IP to 50.50.50.50/24) in the existing CLI template as below.

 

update_template.png 

  1. Once the changes are updated in the CLI template, the Install Preview will show the intended configuration update on the port5 interface IP when going through the Install Wizard. Subsequently, the install logs will show the intended configuration update that was installed on the FortiGate device.

     

    install_preview_update.png

     

    install_log_update.png

     

     

  2. if a configuration change/update is applied on both the FortiManager template assigned to the device and the device database for the same parameter, FortiManager places a higher priority on the template over the device database. As such, if the user wishes to view the intended configuration change/update, the change/update must be made on the template that is assigned to the device.

 

Related articles:

Device Database

Provisioning Templates

FortiSwitch Templates

AP Manager
1735
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.