FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
elfaran_FTNT
Staff
Staff

Description

 

This article describes how to solve an issue where the 'Device Manager' page in FortiManager indicates the FortiGate status is Out-of-sync.

 

Scope

 

FortiManager v5.6 and above, FortiGate.


Solution

 

Retrieve Config on the device, as shown below:


It is also possible to use the FortiManager CLI to retrieve the configuration:
 
# diag test deploymanager reloadconf <OID>
 
To find the device OID, use the following command:
 
# diag dvm device list
 
If the changes were applied to policies or objects used in any policy, import the policies again:
Select the unit in the Device Manager page and select Import Policy to launch the import wizard. Use the wizard to import the policies and objects.
 
mdeparisse_FTNT_0-1667473211978.png

 

In FortiManager 7.x.x, the wizard additionally grants the options to import FortiAP and FortiSwitch profiles.

 

mdeparisse_FTNT_1-1667473268711.png
 
Select the policy profile name to use:
 
mdeparisse_FTNT_2-1667473320313.png

 

Choose one of the following options:

  • Keep the FortiGate object entity and import it into the FortiManager policy package database. 
  • Keep the FortiManager database as-is. (It is common practice to import the object from the FortiGate if the one running in the live network is trusted.)

Policy difference may result if the FortiGate object is imported multiple times and the content is different in each one. For example, the object printer_server may have different IP addresses in the first FortiGate and the second FortiGate.

 

mdeparisse_FTNT_3-1667473511780.png

 

mdeparisse_FTNT_4-1667473533338.png

 

mdeparisse_FTNT_5-1667473552118.png

 

If the FortiAP and FortiSwitch profiles were selected to be imported from the FortiGate, the following screen will appear:

 

mdeparisse_FTNT_6-1667473597089.png

 

Afterward, the device database and policy package will be fully synchronized:

 

mdeparisse_FTNT_7-1667473790172.png

 

Run a policy package Install Wizard on the FortiGate(s) to finalize the sync process:

 

mdeparisse_FTNT_8-1667473864654.png
 
Related article: