I would like to know the possibility of comparing multiple FortiGate configurations (branches). The objective is to identify if any of the devices are missing important configurations. Currently, the branches are not using a CLI template, so we do not know how many branches are missing any important configurations. Is there something we can do using FortiAnalyzer or FortiManager to get this data?
Have you tried Security Rating (under the Security Fabric menu)?
This is probably what you are looking for.
Hello @dacca ,
If your aim is to compare your own configuration deficiencies, I know that FortiManager or analyzer cannot do this. FortiManager can only compare old and new configurations for the same device.
If your goal is to eliminate things that do not comply with best practices, you can use security rating as @AEK says.
If you ask me, if you do not have many devices, you can manually compare configuration files with Notepad++'s comparison plugin or a similar tool.
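A scripted version of the manual file comparison suggested above, added here as an example and not part of the original posts: it flattens each exported configuration into path/value pairs and reports which devices lack a baseline setting. The baseline entries, device names and sample configurations are constructed, and values are assumed to fit on one line.

```python
import shlex

def flatten(text):
    """Flatten FortiOS CLI config text into {"section/entry/key": "value"}."""
    stack, out = [], {}
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw, comments=True)  # strips quotes, drops '#' header lines
        except ValueError:
            continue  # unbalanced quote: multi-line value (e.g. a certificate), not handled
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append(tok[1])
        elif tok[0] in ("next", "end") and stack:
            stack.pop()  # 'next' closes an edit, 'end' closes a config
        elif tok[0] == "set" and len(tok) > 1:
            out["/".join(stack + [tok[1]])] = " ".join(tok[2:])
    return out

def missing_settings(baseline, configs):
    """Return {device: [(path, expected, actual_or_None), ...]} for unmet baseline items."""
    report = {}
    for name, text in configs.items():
        flat = flatten(text)
        gaps = [(p, want, flat.get(p)) for p, want in baseline.items() if flat.get(p) != want]
        if gaps:
            report[name] = gaps
    return report

# Constructed baseline: the "important configuration" every branch should carry.
BASELINE = {"system global/admintimeout": "10",
            "log fortianalyzer setting/status": "enable"}

# Constructed sample backups for two hypothetical branches.
BRANCH_A = ('#constructed sample\nconfig system global\n    set admintimeout 10\n'
            '    set hostname "branch-a"\nend\n'
            'config log fortianalyzer setting\n    set status enable\nend\n')
BRANCH_B = ('config system global\n    set admintimeout 480\n'
            '    set hostname "branch-b"\nend\n')
SAMPLES = {"branch-a": BRANCH_A, "branch-b": BRANCH_B}

if __name__ == "__main__":
    for dev, gaps in missing_settings(BASELINE, SAMPLES).items():
        for path, want, got in gaps:
            print(f"{dev}: {path} expected {want!r}, found {got!r}")
```

A normal backup omits settings left at their default, so a path reported as absent can mean "default" rather than "misconfigured"; compare against `show full-configuration` output or keep only non-default values in the baseline.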
You implied below:
1. Already have an FMG in place and managing all FGTs at HQ and branches.
2. You use CLI templates at HQ FGT to manage/regulate "important configuration".
Then your objective is NOT to find out locations where the important configuration is missing, but to implement/enforce the important configuration at all branches as well.
Why don't you just use the same CLI templates on those branch FGTs to enforce the same configuration at all branches? You already have CLI templates that tell you what exactly you're looking for. So it's very simple to search the config in the config database at your FMG. But you wouldn't care if branches already have the config in the FGTs but want to make sure they're always there with the CLI templates.
When you apply those CLI templates to the branches, you can "preview" if the FMG would push the templates, or not when it's already there, so that you can "identify if any of the devices are missing important configurations." It's actually the easiest way to identify those precisely.
You're trying to do double-/duplicated-work.
Toshi
Copyright 2025 Fortinet, Inc. All Rights Reserved.