Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Best Practices for Policy/Configuration documentation and change management?

I'd be interested in how you manage the daily (configuration) management tasks of Fortigate devices WITHOUT Fortimanager.


This is mostly about requirements for changed/new firewall policies, new/modifying interfaces, adapting to the changing needs of internal users, etc.


Do you have some kind of change management process in place?

Do you document the FG policies and settings in a separate documentation? If yes, how do you do this?

How do you make sure that you have a documented trail or written evidence on changes of the FortiGate configurations?


Even if many of you will most likely recommend FortiManager for some of those issues/questions, we do not want to go with FortiManager (yet).


Are there any other tools, good practices we could adapt for us as well?

We manage a couple of 100F (cluster and single devices), a few 60F/61F and plenty of 40F.


Thanks a lot



Contributor III

Fortimanager is the best option for sure because it does change management, schedule updates, configuration revisions etc.  You could also use the Cloud versions as well if you don't want an on-premise device.


If you are looking for something else I have used Ansible or Terraform for configuration changes and then you could use a product like oxidized to do the configuration backups.


Top Kudoed Authors