FGFM recovery logic
For each install:
-
The FortiManager sends the following to the FortiGate:
-
a listing of the set commands needed to apply the configurations changes
-
a listing of the unset commands that would revert the configuration changes
-
-
The FortiGate uses the following logic when applying changes:
-
apply the set commands, using memory only, nothing written to a configuration file
-
test the fgfm connection to the FortiManager
-
if the connection goes down, it applies the unset commands
-
retest the fgfm connection
-
if connection remains down, the FortiGate unit reboots to recover the previous configuration from its config file
-
The final step above is optional and can be enabled and disabled via the CLI using the following command:
config system dm
set rollback-allow-reboot {enable |disable}
end