
Administration Guide

Configuring a device

Configuring a FortiGate unit using the Device Manager dashboard toolbar is very similar to configuring FortiGate units using the FortiGate GUI. You can also save the configuration changes to the configuration repository and install them to other FortiGate units at the same time.

This document does not provide detailed procedures for configuring FortiGate units. See the FortiGate documentation for complete information. The most up-to-date FortiGate documentation is also available in the Fortinet Document Library.

To configure a FortiGate unit:

  1. Go to Device Manager > Device & Groups.
  2. In the tree menu, select a device group.
  3. In the content pane, select a device.
  4. From the Install menu, select Install Config.
  5. When the installation configuration is complete, click Finish.

    The configuration changes are saved to the FortiManager device database instead of the FortiManager repository represented by the Revision History window.

To view the history of the configuration installation, click the View History button in the History column to open the Install History dialog box. This can be particularly useful if the installation fails.

You can rename and reapply firewall objects after they are created and applied to a firewall policy. When you do so, the FortiManager system will: delete all dependencies, delete the object, recreate a new object with the same value, and recreate the policy to reapply the new object.

Firewall policy reordering on first installation

On the first discovery of a FortiGate unit, the FortiManager system will retrieve the unit's configuration and load it into the Device Manager. After you make configuration changes and install them, you may see that the FortiManager system reorders some of the firewall policies in the FortiGate unit’s configuration file.

This behavior is normal for the following reasons:

  • The FortiManager system maintains policies in the order in which you see and manipulate them in the GUI, whereas the FortiGate unit maintains the policies in a different order (such as order of creation).
  • When loading the policy set, the FortiManager system reorganizes the policies into the logical order shown in the user interface. In other words, FortiManager groups together all policies that belong to the same interface pair (internal -> external, port1 -> port3, etc.).

The FortiManager system does not move policies within interface pairs. It will only move the configuration elements so that policies with the same source/destination interface pairs are grouped together.

This behavior would only be seen:

  • On the first installation.
  • When the unit is first discovered by the FortiManager system. If using the FortiManager system to manage the FortiGate unit from the start, you will not observe the policy reordering behavior.
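
The grouping described above can be modelled and checked offline. The following is an added example, not Fortinet code: it groups a policy list by interface pair without changing the order inside each pair, then verifies that a before/after comparison shows only that kind of move. The tuple layout, the function names, the sample policies and the ordering of the groups (by each pair's first policy) are assumptions made for illustration.

```python
from collections import OrderedDict

# Constructed sample: (policy id, source interface, destination interface),
# listed in the order the FortiGate unit stores them.
FORTIGATE_ORDER = [
    (1, "internal", "external"),
    (2, "port1", "port3"),
    (3, "internal", "external"),
    (4, "port1", "port3"),
    (5, "internal", "external"),
]

def group_by_interface_pair(policies):
    """Group policies by (src, dst) pair, keeping each pair's internal order.

    Assumption: groups are emitted in order of each pair's first policy.
    """
    groups = OrderedDict()
    for pol in policies:
        groups.setdefault((pol[1], pol[2]), []).append(pol)
    return [pol for group in groups.values() for pol in group]

def per_pair_sequences(policies):
    """Map each interface pair to the ordered list of its policy ids."""
    seqs = {}
    for pid, src, dst in policies:
        seqs.setdefault((src, dst), []).append(pid)
    return seqs

def reorder_is_benign(before, after):
    """True if 'after' holds the same policies as 'before' and no policy
    moved relative to the others that share its interface pair."""
    if sorted(before) != sorted(after):
        return False  # a policy was added, removed or altered
    return per_pair_sequences(before) == per_pair_sequences(after)

if __name__ == "__main__":
    after = group_by_interface_pair(FORTIGATE_ORDER)
    print("grouped order:", [p[0] for p in after])
    print("benign reorder:", reorder_is_benign(FORTIGATE_ORDER, after))
```

Running the same comparison on policy lists taken from the configuration before and after the first installation confirms that the only difference is grouping, not a change in match order within an interface pair.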
