Fortinet black logo

Administration Guide

Auto-update and auto-retrieve

Auto-update and auto-retrieve

The auto-retrieve operation is only invoked if the FortiGate fails to initiate an auto-update operation. When FortiManager detects a change on the FortiGate, it automatically retrieves the full configuration.

The auto-update operation is enabled by default. To disable auto-update and allow the administrator to accept or refuse updates, use the following CLI commands:

config system admin setting

set auto-update disable

end

When a change is made on the FortiGate, but the change is not initiated by a FortiManager install operation, the FortiGate automatically sends the configuration changes to FortiManager. If the change from FortiGate is a device level setting, the policy layer status in FortiManager remains unchanged. If the change from FortiGate is a policy level setting, the policy layer status in FortiManager might change to Conflict status. It is highly recommended to always modify settings on FortiManager and not on FortiGate.

Auto-update and auto-retrieve

The auto-retrieve operation is only invoked if the FortiGate fails to initiate an auto-update operation. When FortiManager detects a change on the FortiGate, it automatically retrieves the full configuration.

The auto-update operation is enabled by default. To disable auto-update and allow the administrator to accept or refuse updates, use the following CLI commands:

config system admin setting

set auto-update disable

end

When a change is made on the FortiGate, but the change is not initiated by a FortiManager install operation, the FortiGate automatically sends the configuration changes to FortiManager. If the change from FortiGate is a device level setting, the policy layer status in FortiManager remains unchanged. If the change from FortiGate is a policy level setting, the policy layer status in FortiManager might change to Conflict status. It is highly recommended to always modify settings on FortiManager and not on FortiGate.