Fortinet black logo

Example

Copy Link
Copy Doc ID 067f5236-ca6d-11e9-8977-00505692583a:679515
Download PDF

Example

The following scenario is an example of an installation configuration from a FortiManager 400E unit to a FortiGate 60E device that tries to change the FortiGate’s management IP (WAN1) and causes the fgfm connection to break down.

The original configuration on the FortiGate:

config system interface

edit “wan1”

set vdom “root”

set ip 192.168.48.81 255.255.255.0

set allowaccess ping https ssh snmp http telnet fgfm

set type physical

next

end

If you were to change the FortiGate WAN1 interface's IP address to 192.168.49.81/24 and then attempt to install the configuration change, the fgfm connection would break.

Note

To enable the following viewing, you must log in to the FortiGate CLI with the administrative account and enter the following debug commands:

# diagnose debug enable

# diagnose debug cli 8

You will see the following log on the FortiGate CLI during install:

0: get sys status

0: get system mgmt-csum

0: config system interface

0: edit “wan1”

0: set ip 192.168.49.81 255.255.255.0

0: next

0: end

The configuration change will break the fgfm connection, causing the FortiGate unit to attempt to reconnect for 900 seconds. If the FortiGate cannot reconnect, it will rollback to its previous configuration.

You will see the following log when the FortiGate performs the rollback:

0: config system interface

0: edit “wan1”

0: set ip 192.168.48.81 255.255.255.0

0: next

0: end

0: config system interface

0: edit “modem”

-23: unset type

0: next

0: end

0: config system central-management

0: end

Example

The following scenario is an example of an installation configuration from a FortiManager 400E unit to a FortiGate 60E device that tries to change the FortiGate’s management IP (WAN1) and causes the fgfm connection to break down.

The original configuration on the FortiGate:

config system interface

edit “wan1”

set vdom “root”

set ip 192.168.48.81 255.255.255.0

set allowaccess ping https ssh snmp http telnet fgfm

set type physical

next

end

If you were to change the FortiGate WAN1 interface's IP address to 192.168.49.81/24 and then attempt to install the configuration change, the fgfm connection would break.

Note

To enable the following viewing, you must log in to the FortiGate CLI with the administrative account and enter the following debug commands:

# diagnose debug enable

# diagnose debug cli 8

You will see the following log on the FortiGate CLI during install:

0: get sys status

0: get system mgmt-csum

0: config system interface

0: edit “wan1”

0: set ip 192.168.49.81 255.255.255.0

0: next

0: end

The configuration change will break the fgfm connection, causing the FortiGate unit to attempt to reconnect for 900 seconds. If the FortiGate cannot reconnect, it will rollback to its previous configuration.

You will see the following log when the FortiGate performs the rollback:

0: config system interface

0: edit “wan1”

0: set ip 192.168.48.81 255.255.255.0

0: next

0: end

0: config system interface

0: edit “modem”

-23: unset type

0: next

0: end

0: config system central-management

0: end