I am unable to find method to undo recently made configuration/Policy changes that haven't yet been installed (on target device/VDOM).
A change-of-mind scenario, if you will.
In other words, I want the changes shown in "Configuration and Installation Status"->"Device Settings Status" to be reverted from "Modified" back to "UnModified" and "Installation Preview" to show no changes.
How can I do that?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1. for device db change -- if not yet installed, you can do retrieve, retrieve can change back to last time installed config and also update device config status to sync, but it will change package status to unknown -- or you can revert to any previous revision from revision history page, and for device level, FMG will auto generated new revision for each retrieve, install or auto update (but device config status will not back to unmodified and will still shows modified) 2. for policy db change -- if not yet installed, you can try re-import to import last time installed policy changes (from device db), but this normally only for 1 package 1 device case (package status will be imported) -- or you also try ADOM revision function, but this needs you to often save revision when you have changes or when do package install and if want to revert back, you can choose restore which revision config also, I may also suggest you to try FMG workspace/workflow function which FMG will have a cache db for changes and needs a "Save" (workflow even needs approval), thus you can discard (not saved config) to back to previously saved db and also to previous status -- config sys global - set workspace-mode -- this is fully supported for policy and template db, but for device db, cache db only supported for workspace + ADOM normal mode, for other case, device db changes are directly saved
Thanks
Simon
scao_FTNT wrote:1. for device db change -- if not yet installed, you can do retrieve, ... 2. for policy db change -- if not yet installed, you can try re-import to import ...
Hi Simon,
thank you for detailed answers.
Retrieving or importing is not the answer I seek - the importance of FortiManager is for it to act as a definitive device and policy repository and not rely on what is on the device - which at any time, may come to contain anything.
(Rhetorically,) which software available in 2015 does not have an undo?
I would urge Fortinet to implement an 'Revert to last' function in 'Policy & Objects' and a (perhaps) a virtual revision in 'Device Manager' device Dashboard (containing all changes subsequent since Install, which I can Revert from in 'Revision History').
R's, Alex
but how about workspace/workflow function I suggested?
Thanks
Simon
scao_FTNT wrote:I appreciate the advice. Currently, system global's workspace-mode is "normal" but workflow is not a consideration for us.but how about workspace/workflow function I suggested?
normally, if this is no ADOM lock (workspace), and when there has multiple users working on the ADOM for config db change, and change is immediately saved, if system undo something, this may impact other users
so that is why you may need enable ADOM lock function, then only 1 user is working on the db at 1 time and he can decide if save or discard for a config change
but if config change has been saved, then you may have to back to my previous note suggestion for config revert based on revisions
Thanks
Simon
scao_FTNT wrote:so that is why you may need enable ADOM lock function, then only 1 user is working on the db at 1 time and he can decide if save or discard for a config change
I do have ADOM lock, and I do normally lock the ADOM before modifying.
but if config change has been saved, then you may have to back to my previous note suggestion for config revert based on revisions
But I have not talked about (Policy Package) SAVE, I need to undo/revert/drop/ignore last changes that have not yet been saved. I cannot do that - that is the issue.
R's, Alex
scao_FTNT wrote:Brilliant! Thank you.
if you logout without save, will see a warning popup with "Discard" option, see attached pic
Since you obviously have the function (triggered by DISCARD option), why not allow this option without the logout in next revision of FortiManager?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.