Thank you @Jakob-AHHG,

We already have FortiManager but last external company didn't use it and suggest to us that we don't need it for 4 locations. But it's 8 Firewalls, 20+ switches, 20-30 AP's etc.

Firewall Policies can't be the same so we couldn't use the template but for upgrades is still really good to us then.

OK, we run 16 locations, and have them split in 3 Policy Groups for FW rules, and I currently have 4 FW Templates.

Granted, there are management stuff that is easier to do directly on a device, but when it's all in sync on FGM, you know what's going on, and it's easier to troubleshoot in tandem with FortiAnalyzer.

And if you then start to figure out Scripts, to do CLI config changes on multiple FortiGates, initiated from FGM, life becomes a lot less tedious.. ;) 

Yes of course, some small stuff like address object's etc its really useful to have them synced across all locations.

As I can see that you are experienced in this area, let me know where I can contact you to learn from you ;)

Still learning, have been using FortiNet for two years now, but have 22 FG's and close to 100 FortiSwitches in the setup now.
Just about to replace Wifi on a complete hotel with FortiAP's (from Cisco).
So 270 FortiAP's being installed the next few weeks.

Arp-Hansen Hotel Group is in Copenhagen, Denmark - and all our sites is here in DK.

It's a big infrastructure to be in. And it's also great for experience that you will gain.
Our infrastructure is lot smaller but its in different countries.
Engineering and Software Development so I need to hop on on the Fortinet train as fast as I can to help company achieve the most security we can get with this.

Hope your implementation goes well

hi,

do you recommend FG firmware on local device instead of FMG fimware template?

does local FG firmware upgrade "breaks" any device or FW policy in FMG? or will it auto update?

If you manually upgrade a device, Manager will just update the status when it comes back online. It does not break anything, but is simply a more slow process, but you are in detailed control.

You can do the 'manual' upgrade of a single device, either on the devices own interface, that requires you manually download the FW from Fortinet, or you can select it in the Switch Manager part of Manager and initiate a manual update from there, selecting the desired FW version.

If you run a FW Template on a group of devices, Manager will show you what devices needs updates, and let you initiate that process.