Fortinet white logo
Fortinet white logo

Handbook

Pushing/pulling configurations

Pushing/pulling configurations

You can use the sync list configuration page to push or pull sets of configuration objects to or from a target FortiADC appliance. The push/pull operation is a manual operation. It is not repeated automatically.

Before you begin:

  • Configuration synchronization must be enabled on the appliances. Go to System > Settings > Basic.
  • You must plan for the impact the configuration push/pull has on the target deployment.
  • You must have Read-Write permission for System settings.
To push or pull a configuration:
  1. Click System > Settings.
  2. Click the Sync List tab.
  3. Click Create New and complete the configuration as described in Table 126.
  4. After you have saved the configuration, it is added to the configuration table.

  5. To execute the push/pull operation, select the configuration from the table, select From or To, and click Sync.
  6. Check the Status column in the table to see the result of the push/pull operation.
  7. Log into the target appliance and check the configuration logs (Log & Report > Log Browsing > Event Log > Configuration. Notice the log entries for each configuration change resulting from the push/pull operation.

Sync List configuration

Settings Guidelines
Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Server IP IP address of the remote appliance.
Password Password for the admin account on the remote appliance.
Type
  • System—Includes config config, config system (except config system mailserver), config user, and config vdom commands.
  • Networking—Includes config router commands.
  • LB—Includes config load-balance commands.
  • Log—Includes config log commands and config system mailserver.
  • LLB—Includes config link-load-balance commands.
  • GDS—Includes config global-load-balance and config global-dns-server commands.
  • Security—Includes config security waf commands.
  • User—Includes config user commands.

Note: For each of the above settings, there are certain parameters that cannot be synchronized through the Sync List feature. For details,

Table 127 highlights the commands that cannot be synced using the Sync List feature, and must be handled manually on a per appliance basis..

Commands that cannot be synced via the Sync List feature

Module Commands
System
  • system global
  • system tcpdump
  • system accprofile
  • system admin
  • system ha
  • system snmp sysinfo
  • system snmp community
  • system snmp user
  • system alert-snmp-trap
  • system fortiguard
  • system hsm info
  • system hsm partition
  • config sync-list
Networking
  • firewall qos-filter
  • firewall qos-filter6
  • router policy
  • router isp
  • router setting
  • firewall nat-snat
  • firewall vip
  • router md5-ospf
  • router ospf
  • router bgp
  • system interface
  • router static
LLB
  • link-load-balance virtual-tunnel
  • link-load-balance flow-policy
Security
  • firewall policy
  • firewall policy6
  • firewall connlimit
  • firewall connlimit6
SLB
  • load-balance ippool
  • load-balance virtual-server
GLB
  • global-load-balance link
  • global-load-balance virtual-server-pool
  • global-load-balance host
  • global-load-balance analytic
  • global-dns-server general
  • global-dns-server policy
Log & Report
  • system mailserver

Pushing/pulling configurations

Pushing/pulling configurations

You can use the sync list configuration page to push or pull sets of configuration objects to or from a target FortiADC appliance. The push/pull operation is a manual operation. It is not repeated automatically.

Before you begin:

  • Configuration synchronization must be enabled on the appliances. Go to System > Settings > Basic.
  • You must plan for the impact the configuration push/pull has on the target deployment.
  • You must have Read-Write permission for System settings.
To push or pull a configuration:
  1. Click System > Settings.
  2. Click the Sync List tab.
  3. Click Create New and complete the configuration as described in Table 126.
  4. After you have saved the configuration, it is added to the configuration table.

  5. To execute the push/pull operation, select the configuration from the table, select From or To, and click Sync.
  6. Check the Status column in the table to see the result of the push/pull operation.
  7. Log into the target appliance and check the configuration logs (Log & Report > Log Browsing > Event Log > Configuration. Notice the log entries for each configuration change resulting from the push/pull operation.

Sync List configuration

Settings Guidelines
Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Server IP IP address of the remote appliance.
Password Password for the admin account on the remote appliance.
Type
  • System—Includes config config, config system (except config system mailserver), config user, and config vdom commands.
  • Networking—Includes config router commands.
  • LB—Includes config load-balance commands.
  • Log—Includes config log commands and config system mailserver.
  • LLB—Includes config link-load-balance commands.
  • GDS—Includes config global-load-balance and config global-dns-server commands.
  • Security—Includes config security waf commands.
  • User—Includes config user commands.

Note: For each of the above settings, there are certain parameters that cannot be synchronized through the Sync List feature. For details,

Table 127 highlights the commands that cannot be synced using the Sync List feature, and must be handled manually on a per appliance basis..

Commands that cannot be synced via the Sync List feature

Module Commands
System
  • system global
  • system tcpdump
  • system accprofile
  • system admin
  • system ha
  • system snmp sysinfo
  • system snmp community
  • system snmp user
  • system alert-snmp-trap
  • system fortiguard
  • system hsm info
  • system hsm partition
  • config sync-list
Networking
  • firewall qos-filter
  • firewall qos-filter6
  • router policy
  • router isp
  • router setting
  • firewall nat-snat
  • firewall vip
  • router md5-ospf
  • router ospf
  • router bgp
  • system interface
  • router static
LLB
  • link-load-balance virtual-tunnel
  • link-load-balance flow-policy
Security
  • firewall policy
  • firewall policy6
  • firewall connlimit
  • firewall connlimit6
SLB
  • load-balance ippool
  • load-balance virtual-server
GLB
  • global-load-balance link
  • global-load-balance virtual-server-pool
  • global-load-balance host
  • global-load-balance analytic
  • global-dns-server general
  • global-dns-server policy
Log & Report
  • system mailserver