FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes CLI (Command Line Interface) commands that should be run on FortiManager before and after an upgrade. Understanding these commands helps ensure a smooth and successful upgrade process.
Scope
FortiManager.
Solution
Upgrading FortiManager is a critical task to keep the network security management system up-to-date. However, it is essential to ensure that the upgrade process is smooth and does not result in data corruption or integrity issues. The CLI commands mentioned here are designed to verify the integrity of various components before and after the upgrade.
Before upgrading FortiManager, it is recommended to run these CLI commands to perform various integrity checks and ensure that the system is in a healthy state:
Note: It is important tosave a backup of the FortiManager before running these commands to have a rollback possibility in case of any unintended consequences.
diagnose dvm check-integrity: This command checks the integrity of the Device Manager (DVM) to ensure that the configuration and objects are consistent and undamaged.
diagnose cdb check adom-revision: It checks the revision history of Administrative Domains (ADOMs) to verify that they are consistent.
diagnose cdb check adom-integrity: This command verifies the integrity of ADOM configurations, ensuring that there are no inconsistencies.
diagnose cdb check policy-packages: It checks the policy packages to ensure that there are no issues with the security policies.
diagnose cdb upgrade check +all: This command performs a comprehensive check of the CDB (Configuration Database) to identify any issues that may affect the upgrade.
After upgrading FortiManager, these CLI commands are run to perform additional checks and ensure the integrity of the system:
diagnose pm2 check-integrity all: This command checks the integrity of all policy packages, ensuring that they were successfully migrated and are free from corruption.
diagnose cdb upgrade check objcfg-integrity: This command verifies the integrity of object configurations to ensure that objects are correctly upgraded and intact.
diagnose cdb upgrade check reference-integrity: This command checks the integrity of references between various components, such as policies and objects, to ensure that references are accurate.
Running these CLI commands before and after upgrading FortiManager is important to verify the integrity of configurations, policies, and objects. These commands help identify and resolve any issues that could potentially lead to data corruption or integrity problems during and after the upgrade process.
