The auto-retrieve operation is only invoked if the FortiGate fails to initiate an auto-update operation. When FortiManager detects a change on the FortiGate, it automatically retrieves the full configuration.
The auto-update operation is enabled by default. To disable auto-update and allow the administrator to accept or refuse updates, use the following CLI commands:
config system admin setting
set auto-update disable
When a change is made on the FortiGate, but the change is not initiated by a FortiManager install operation, the FortiGate automatically sends the configuration changes to FortiManager. If the change from FortiGate is a device level setting, the policy layer status in FortiManager remains unchanged. If the change from FortiGate is a policy level setting, the policy layer status in FortiManager might change to Conflict status. It is highly recommended to always modify settings on FortiManager and not on FortiGate.