FGFM recovery logic

For each install:

  • The FortiManager sends the following to the FortiGate:
    • a listing of the set commands needed to apply the configuration changes
    • a listing of the unset commands that would revert the configuration changes
  • The FortiGate uses the following logic when applying changes:
    • apply the set commands, using memory only, with nothing written to a configuration file
    • test the fgfm connection to the FortiManager
    • if the connection goes down, apply the unset commands
    • retest the fgfm connection
    • if the connection remains down, the FortiGate unit reboots to recover the previous configuration from its config file

The final step above is optional and can be enabled or disabled from the CLI using the following command:

config system dm
    set rollback-allow-reboot {enable | disable}
end
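
The recovery flow above, written out as a small Python model so the end state of each branch can be checked. This is an added illustration, not Fortinet code: the function names, config keys and sample data are hypothetical, and the "unreachable" outcome with the reboot disabled is an assumption, since the page does not describe that case.

```python
# Added illustration of the recovery flow above; not Fortinet code.
# All names (apply, install, fgfm_up, the config keys) are hypothetical.

def apply(config, commands):
    """Return a copy of config with set/unset commands applied (memory only)."""
    running = dict(config)
    for op, key, *value in commands:
        if op == "set":
            running[key] = value[0]
        elif op == "unset":
            running.pop(key, None)  # modelled as: the key falls back to its default
        else:
            raise ValueError(f"unknown op {op!r}")
    return running


def install(saved, set_cmds, unset_cmds, fgfm_up, rollback_allow_reboot=True):
    """Walk the five steps; return (outcome, running_config).

    saved   -- contents of the config file, never modified by this model
    fgfm_up -- callable(running_config) -> bool, standing in for the connection test
    """
    running = apply(saved, set_cmds)        # 1. set commands, memory only
    if fgfm_up(running):                    # 2. test the fgfm connection
        return "applied", running
    running = apply(running, unset_cmds)    # 3. connection down: unset commands
    if fgfm_up(running):                    # 4. retest
        return "rolled-back", running
    if rollback_allow_reboot:               # 5. optional reboot
        return "rebooted", dict(saved)      #    running config reloaded from file
    # Assumption: with the reboot disabled the unit stays in the post-unset state.
    return "unreachable", running


# Constructed sample data: the connection test fails while route == "broken".
SAVED = {"hostname": "fgt-lab"}

def fgfm_up(cfg):
    return cfg.get("route") != "broken"
```

An unset listing that does not cover every set command is the case where the reboot matters: the retest still fails, and only the config file restores the previous state.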
