AlexFeren
New Contributor III

Undo/revert/drop/ignore last changes in FortiManager

I am unable to find a method to undo recently made configuration/Policy changes that haven't yet been installed (on target device/VDOM).

A change-of-mind scenario, if you will.

In other words, I want the changes shown in "Configuration and Installation Status"->"Device Settings Status" to be reverted from "Modified" back to "UnModified" and "Installation Preview" to show no changes.

How can I do that?

scao_FTNT
Staff

1. for device db change
   -- if not yet installed, you can do retrieve; retrieve can change back to the last installed config and also update device config status to sync, but it will change package status to unknown
   -- or you can revert to any previous revision from the revision history page, and for device level, FMG will auto generate a new revision for each retrieve, install or auto update (but device config status will not go back to unmodified and will still show modified)

2. for policy db change
   -- if not yet installed, you can try re-import to import the last installed policy changes (from device db), but this is normally only for the 1 package 1 device case (package status will be imported)
   -- or you can also try the ADOM revision function, but this needs you to save a revision often when you have changes or when you do a package install, and if you want to revert back, you can choose which revision config to restore

also, I may also suggest you try the FMG workspace/workflow function, in which FMG will have a cache db for changes and needs a "Save" (workflow even needs approval), thus you can discard (not saved config) to go back to the previously saved db and also to the previous status
   -- config sys global - set workspace-mode
   -- this is fully supported for policy and template db, but for device db, cache db is only supported for workspace + ADOM normal mode; for other cases, device db changes are directly saved

Thanks

Simon

AlexFeren
New Contributor III

scao_FTNT wrote:

1. for device db change -- if not yet installed, you can do retrieve, ...
2. for policy db change -- if not yet installed, you can try re-import to import ...

Hi Simon,

Thank you for the detailed answers.

Retrieving or importing is not the answer I seek - the importance of FortiManager is for it to act as a definitive device and policy repository and not rely on what is on the device - which, at any time, may come to contain anything.

(Rhetorically,) which software available in 2015 does not have an undo?

I would urge Fortinet to implement a 'Revert to last' function in 'Policy & Objects' and (perhaps) a virtual revision in 'Device Manager' device Dashboard (containing all subsequent changes since Install, which I can Revert from in 'Revision History').

R's, Alex

scao_FTNT
Staff

But how about the workspace/workflow function I suggested?

Thanks

Simon

AlexFeren
New Contributor III

scao_FTNT wrote:

but how about workspace/workflow function I suggested?

I appreciate the advice. Currently, system global's workspace-mode is "normal" but workflow is not a consideration for us.

scao_FTNT
Staff

Normally, if there is no ADOM lock (workspace), and there are multiple users working on the ADOM for config db changes, and a change is immediately saved, then if the system undoes something, this may impact other users.

So that is why you may need to enable the ADOM lock function; then only 1 user is working on the db at a time and he can decide whether to save or discard a config change.

But if the config change has been saved, then you may have to go back to my previous note's suggestion for config revert based on revisions.

Thanks

Simon

AlexFeren
New Contributor III

scao_FTNT wrote:

so that is why you may need enable ADOM lock function, then only 1 user is working on the db at 1 time and he can decide if save or discard for a config change

I do have ADOM lock, and I do normally lock the ADOM before modifying.

but if config change has been saved, then you may have to back to my previous note suggestion for config revert based on revisions

But I have not talked about (Policy Package) SAVE, I need to undo/revert/drop/ignore last changes that have not yet been saved. I cannot do that - that is the issue.

R's, Alex

scao_FTNT
Staff

If you log out without saving, you will see a warning popup with a "Discard" option; see attached pic.

Thanks

Simon

AlexFeren
New Contributor III

scao_FTNT wrote:
if you logout without save, will see a warning popup with "Discard" option, see attached pic
Brilliant! Thank you.

Since you obviously have the function (triggered by the DISCARD option), why not allow this option without the logout in the next revision of FortiManager?
