Hello - I created a few address objects, then made a new Policy all in FMG. I have to push so I do :
Install wizard and go to the point of 'preview installation' The changes I did showed up as expected.
My next step is to actually push the changes.
My question is will anything else change? Do I need to do a backup before I push? Just curious if it will only change what is in the 'install preview'.
Just making sure I'm not taking down or changing anything else since this is my first go at it...
Mahalo
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I know only v6.4.x. Yours look like newer because the menu on the rev history is quite different from mine. But at least the config DB is in sync with the device. Only the policy package has a problem. Was it actually in sync before you made the changes? And how it's originally created? Imported from the config DB?
If you can push the new config, the device is already on the FMG and have revisions of config backups. Go to the device's System:Dashboard and find Revision->Total Revisions. Then at the end of the line, there is an icon for Revision History menu. Click that to see all revision/backup history. When you highlight one of them, you can view the config and check "diff" from a previous version.
Yes, it would install exactly what's in preview.
If something went wrong after the installation, you can always "Revert" under "More" menu in the Revision History window.
Toshi
Well, unfortunately there were no revisions available, plus there are orange warning triangles on just about every individual rule.
I was to apprehensive to use the FMG to push the policy and objects, therefore I put it on the FortiGate directly.
Is there an auto-retrieve or can I force the FMG to pull the new FG policy?
It might be best I open a case to sort how to clean this up since we inherited things this way.
Are you sure it's on-line? What's in the device list status view under Device&Groups->Managed Devices? There should be Config Status column showing config DB sync status. If normal, there is a "green check mark" before the status.
Once it's registered to the FMG, there should be at least one revision auto-retrieved. If the Total Revisions is '0' while the system information like S/N, IP address, etc. is showing something must have gone wrong.
Manual retrieval is in the Revision History window's menu "Retrieve Config". But I guess it won't work or dimmed at the current state of the device on the FMG.
Share us the screen of the status list view and device dashboard. Or open a case at TAC to get it taken a look a.
Toshi
The revision number 1 is the change I did - but - I did not even push it since there are no other revisions. Even the import configuration is greyed out.
I know only v6.4.x. Yours look like newer because the menu on the rev history is quite different from mine. But at least the config DB is in sync with the device. Only the policy package has a problem. Was it actually in sync before you made the changes? And how it's originally created? Imported from the config DB?
Yes, it is FMG 7.05
I think it might have been imported from the FortiGate, not 100% sure. I'll get a case open. Thank you for your questions.
Created on 08-17-2022 04:54 PM Edited on 08-17-2022 04:57 PM
TAC might suggest the same but I would suggest importing into a new policy package (new name) from the device DB again, then make sure the policy package is in sync first before making changes.
Policy packages are never directly pushed to the device. The changes in the packages are pushed to the device DB first. Only after that the changes are pushed to the device.
I think your current policy package is conflicting with what's in the device DB. So if you tried, you would see errors in the preview. Instead of trying patching up individual conflicts, starting with a clean package would be much faster to complete the changes you're intending to make.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.