Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mike74
New Contributor II

Problems with cfg-save revert and batch mode

Hi Community,

 

trying to do some configuration stuff with have a good chance to get disconnected i.e. changing the default gateway on a remote site via ssh Im using batch mode 

config system global
set cfg-save revert
set revert-timeout 240
set admintimeout 3
end
execute batch start
config system interface
edit "wan1"
set ip 10.0.0.1 255.0.0.0
end

config router static
edit 1
set gateway 10.255.255.254
next
end
execute batch end

 

The commands are executed, but when a failure on the next hop occur and there is no way to reconnect, the reboot is not triggered. Also if the reconnect is successful via the new IP and I issue a execute cfg save the system says that the config has not been altered. Trying to experiment a little with the admintimeout and the revert-timeout options doesn't seem to have an reproducable impact to this issue. Also trying to alter a setting outside the batch block also does not have a reproducable effect. Sometime it works and sometimes not. But the Settings within the batch block are always executed but never causes the fortigate (A 60D, trying with FortiOS 5.2.12 and 5.2.13) to reboot when the connection is lost. But when the Fortigate is rebooted manually by disconnecting and reconnect the Power source the config is always reverted as expected.

 

Does anyone know if this behavior is intended and why the batch mode is incompatible with the cfg mode revert?

 

Thanks in advance,

Mike

1 REPLY 1
mike74
New Contributor II

As a short update, the workaround if anyone have similar problems is the following:

[ul]
  • set cfg-mode to manual
  • set daily-restart enable
  • set restart-time to whatever is the unit time plus 5 mins
  • issue the commands in batch mode
  • if successful, unset restart-time, set daily-restart disable, save the changes and revert to cfg-mode automatic.
  • if not, the config is reverted after the scheduled reboot[/ul]

    Also like to mention that all the commands, also the one in the former post, are sent via ssh to the unit.

     

    But im strong interested in getting the way with cfg-mode revert working because the workaround does not work well in a fully scripted environment.

     

    Mike