Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
us_art
New Contributor II

Random overwrite of interface settings

Hi everyone!

I have FG300 and FMG version 6.2.7

Such a problem has recently emerged:

I change the interface settings on the device, in particular, add networks to the exceptions on the captive portal. Apply this. 

     config user security-exempt-list
     edit "DMZ-exempt-list"
     config rule
     edit 1
     set srcaddr "DMZ Subnet" "gatchina" "IPsec subnet" "main" "medical equipment" "mgmt" "phone" "printers" "Remote access" "servers" "other devices network"
     next
     end

Everything passes correctly. Next, I change any policy (only policy, not device settings) I apply changes and eventually get that the interface settings are returned to their original position!

config user security-exempt-list
2: edit "DMZ-exempt-list"
3: config rule
4: edit 1
5: set srcaddr "DMZ Subnet" "gatchina" "IPsec subnet" "main" "medical equipment" "mgmt" "phone" "printers" "Remote access" "servers"
6: next
7: end
8: next
9:end
10:config firewall policy
11: edit 13
12: unset status
13: next
14:end

Has anyone encountered anything like this?

1 Solution
us_art
New Contributor II

The problem was solved by importing policies from the FG, with their replacement on the FMG.

View solution in original post

3 REPLIES 3
us_art
New Contributor II

The problem was solved by importing policies from the FG, with their replacement on the FMG.

View solution in original post

sw2090
Honored Contributor

yeah if you change settings ona managed FGT you have to retrieve the config in FMG afterwards. If you don't FMG will override those changes when you roll out device config or poicy package next time.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

us_art
New Contributor II

I haven't been setting up the FG on its own for a long time, only from FMG, that's why I was surprised that FMG stubbornly inserted the old interface settings. Perhaps I missed the moment when FG, do not sync the settings for some reason..