Fortinet black logo

Best Practices

Home FortiGate / FortiOS 7.0.0 Best Practices

Configuration changes

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
6.0.0
Copy Link
Copy Doc ID 7c8e21ef-1be2-11ec-8c53-00505692583a:398966
Download PDF

Configuration changes

Configuration changes on the FortiGate after its initial setup should follow a change procedure as part of your change management plan.

For example, the following is a possible change procedure for changes to the FortiGate configuration:

  • Make sure that all of the affected parties are aware of the upcoming change and have a platform to provide input.

  • Define the required changes and the objective, to keep the task focused.

  • If creating or changing policies, note the following:

    • The purpose of the policy,

    • The affected services, applications, users, and devices,

    • The date that the policy is added and, if applicable, the date that it expires,

    • The name of the person who added or edited the policy.

  • Define the possible risks, and plans to mitigate them.

  • Define a contingency, or back-out, plan.

  • Create a backup of the working configuration before making any changes.

  • Prepare a well defined workflow. This can be particularly important if multiple teams are involved.

  • Schedule a maintenance window.

  • Test the changes, and have them validated by any affected parties.

  • Audit and document the completed work.

  • Create a backup of the new configuration.

Note

Always maintain a backup of the FortiGate's working configuration. Keeping multiple past configurations is recommended. Backups can be created in the GUI, CLI, and API, and on FortiManager and FortiCloud.
Previous
Next

Configuration changes

Configuration changes on the FortiGate after its initial setup should follow a change procedure as part of your change management plan.

For example, the following is a possible change procedure for changes to the FortiGate configuration:

  • Make sure that all of the affected parties are aware of the upcoming change and have a platform to provide input.

  • Define the required changes and the objective, to keep the task focused.

  • If creating or changing policies, note the following:

    • The purpose of the policy,

    • The affected services, applications, users, and devices,

    • The date that the policy is added and, if applicable, the date that it expires,

    • The name of the person who added or edited the policy.

  • Define the possible risks, and plans to mitigate them.

  • Define a contingency, or back-out, plan.

  • Create a backup of the working configuration before making any changes.

  • Prepare a well defined workflow. This can be particularly important if multiple teams are involved.

  • Schedule a maintenance window.

  • Test the changes, and have them validated by any affected parties.

  • Audit and document the completed work.

  • Create a backup of the new configuration.

Note

Always maintain a backup of the FortiGate's working configuration. Keeping multiple past configurations is recommended. Backups can be created in the GUI, CLI, and API, and on FortiManager and FortiCloud.
Previous
Next