Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Notification when configuration out-of-sync

Hey Everyone, I' m seeing what I imagine is a common issue with FortiManager - users manually modifying configuration and overriding FMG Policy, and Backup mode not automatically syncing configuration. Both of these are separate issues, what I want to know is: Is there a way to receive a notification that configuration is out of sync? Ideally either E-Mail, SNMP or even in logs, for both immediate or when it' s been out of sync for more than a set period of time. Currently, the only way to know is next time a user goes to make a change and notices the " Out of sync" status.
New Contributor III

We don' t use Backup mode, but under a normal mode adom I' ve just had a look at what our FMG is sending to our SIEM, the following syslog is from an autoupdate event:
<190>date=2014-09-24 time=07:36:59 devname=fmg1 device_id=FMG-VM0000000000 log_id=0012021008 type=event subtype=dm pri=information user=" AutoUpdate" userfrom=" " msg=" AutoUpdate from fgt1(FG800C1234567890): revision(409)" device=" fgt1" serial=" FG800C1234567890" dev_oid=0 revision=409
We don' t use the analyzer functions on the FMG so I can' t say if you can get the FMG itself to alert, but a syslog server should be able to watch incoming logs and alert based on messages like the above. We haven' t locked out the SysAdmin team from being able to access the Fortigates directly because we do use the workflow config in the FMG (with approvals) and we would still need to be able to do emergency changes. That being said when we first started using the FMG it was very hard to get them to stop modifying the Fortigates, they slowly stopped when they started to be named & shamed in outage reports because of regressions caused by not using the FMG. A Taser also helps to keep them away from the Fortigates. Regards, Matthew
Top Kudoed Authors