FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff
Staff
Article Id 266854
Description

This article describes a scenario where FortiManager shows No Preview in Install Preview when trying to install changes to FortiGate. A solution is offered.

Scope

FortiManager.

Solution
  1. In order to simulate the scenario where FortiManager shows No Preview in Install Preview when trying to install changes to FortiGate, the user will first create a test CLI template with the script details as below sample and assign it to the FortiGate.

 

config system interface

    edit port5

        set ip 5.5.5.5/24

end

 cli_template.png

 

  1. When going through the Installation Wizard, the user will be able to see the intended changes in the Install Preview. Users will be able to view the installation logs once the installation goes through successfully.

     cli_template_install.png

     

    cli_template_install_complete.png

     

    cli_template_install_log.png

     

     

  2. With the existing CLI template still assigned to the same FortiGate, the user will attempt to make a change on the FortiGate device database pertaining to the same port5 interface IP.

     

    Original port5 interface IP = 5.5.5.5/24

    Updated port5 interface IP = 50.50.50.50/24

     

    devicedb_change.png

     

  3. Once the changes are saved in the FortiGate device database, the user will notice there is a 'No preview' in the Install Preview when going through the Install Wizard. Upon successful installation, the install log shows 'No commands to be installed'.


    no_preview.png

     

    install_log.png

     

     

  4. The reason for this occurrence where FortiManager does not detect any changes to be installed into the FortiGate is that there is an existing CLI template that is still assigned to the FortiGate device.
    If a template is assigned to the FortiGate device, any changes that are made to the FortiGate device database under FortiManager Device Manager will not take effect since the configuration within a template takes priority over configuration changes made in the FortiGate device database.

     

    To demonstrate this, the user will now attempt to change the same changes (update port5 interface IP to 50.50.50.50/24) in the existing CLI template as below.

     

    update_template.png 

  1. Once the changes are updated in the CLI template, the Install Preview will show the intended configuration update on the port5 interface IP when going through the Install Wizard. Subsequently, the install logs will show the intended configuration update that was installed on the FortiGate device.

     

    install_preview_update.png

     

    install_log_update.png

     

     

  2. In short, if a configuration change/update is applied on both the FortiManager template assigned to the device and the device database for the same parameter, FortiManager places a higher priority on the template over the device database. As such, if the user wishes to view the intended configuration change/update, the change/update must be made on the template that is assigned to the device.