Fortinet Forum
Toshi_Esumi
Esteemed Contributor

trigger/reason of FMG Auto-update

We've been using an FMG-VM for about 7 months in production, which is now running 6.4.8. But we still see auto-updates happen to a few managed FGTs without any local config changes.

Mostly it seems to be harmless when I diff config revisions before and after, which makes me more suspicious: "why does it need to happen???". But when I upgraded those FGTs last time, about 30 of them at a time, 2-3 of them got an IPS sensor's content removed 5 - 60 minutes after the maintenance was completed. TAC said that particular one was probably a bug but closed the case since I had already re-installed the policy package and there was nothing to look at. And there was no explanation about the random auto-updates.

Does anyone know the conditions under which an auto-update might happen?

Toshi

1 Solution
Debbie_FTNT
Staff

Hey Toshi,

An auto-update usually happens after an admin logs in on a managed FortiGate, selects read-write access during the login, and then logs out.
The admin logout prompts the FortiGate to update its config in FortiManager. I'm not sure if the auto-update happens EVERY time or only if configuration changes were undertaken (you might need to compare revisions for that), but it is the admin logout that triggers it.

You could check through your FortiGate system event logs to see if the auto-update times align with admin logouts or other activity.

Hope this helps :)

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
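
The log check suggested in the answer above, as an added example that is not part of the original post: it pairs each auto-update timestamp with the most recent admin logout shortly before it. The sample log lines, the timestamps, the 60-second window and the assumption that both sources share one time zone are all constructed for illustration; the script expects a key=value event-log export with `date`, `time`, `subtype`, `action`, `user` and `ui` fields.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value event-log style (not real logs).
SAMPLE_LOG = '''\
date=2022-03-01 time=09:58:12 type="event" subtype="system" user="toshi" ui="ssh(192.0.2.10)" action="login" status="success" msg="Administrator toshi logged in successfully from ssh(192.0.2.10)"
date=2022-03-01 time=10:04:47 type="event" subtype="system" user="toshi" ui="ssh(192.0.2.10)" action="logout" status="success" msg="Administrator toshi logged out from ssh(192.0.2.10)"
date=2022-03-01 time=13:30:05 type="event" subtype="system" user="admin" ui="https(192.0.2.20)" action="logout" status="success" msg="Administrator admin logged out from https(192.0.2.20)"
'''

# Constructed auto-update revision times, as they would be read from the FortiManager revision history.
AUTO_UPDATES = ["2022-03-01 10:05:02", "2022-03-01 11:45:30", "2022-03-01 13:30:09"]

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
FMT = "%Y-%m-%d %H:%M:%S"

def parse_line(line):
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def admin_logouts(log_text):
    """Return (timestamp, user, ui) for every system event with action=logout."""
    out = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("subtype") == "system" and f.get("action") == "logout":
            ts = datetime.strptime(f["date"] + " " + f["time"], FMT)
            out.append((ts, f.get("user", "?"), f.get("ui", "?")))
    return out

def correlate(update_times, logouts, window=timedelta(seconds=60)):
    """Map each auto-update to the latest logout at most `window` before it, else None."""
    result = {}
    for raw in update_times:
        ts = datetime.strptime(raw, FMT)
        prior = [e for e in logouts if timedelta(0) <= ts - e[0] <= window]
        result[raw] = max(prior, key=lambda e: e[0]) if prior else None
    return result

if __name__ == "__main__":
    for when, hit in correlate(AUTO_UPDATES, admin_logouts(SAMPLE_LOG)).items():
        print(when, "<-", f"{hit[1]} via {hit[2]}" if hit else "no admin logout nearby")
```

An auto-update with no matching logout is the one worth a closer look, since it is not explained by the logout trigger described in the answer.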


4 REPLIES
Toshi_Esumi
Esteemed Contributor

Sorry I meant to type 6.4.7. We've been waiting for 6.4.8 for a big bug fix.

Toshi_Esumi

Thanks Debbie. That explains some behaviors related to auto-update. I think it does it regardless of whether any config is changed or not. For those I noticed after the firmware upgrade last time, I think I got in via CLI over SSH to verify they were working as they should after the upgrade, then logged out. Wiping out the content of the IPS sensor was not expected though. But it happened only to the device DB and didn't change the actual config on the device.

I wish it were described somewhere in the online manual of FMG and TAC were trained accordingly.

Toshi

Debbie_FTNT

No problem, happy to help :).

I just happen to know this as I was part of the FortiManager TAC team a few years ago. They should be aware of this information, and if you ever have a ticket with them, you could suggest they create a KB on this. Might come across as a bit odd if I (as a non-FMG-team member) write one.
Cheers!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++