dm | FortiManager 7.4.8 | Fortinet Document Library

dm

Use this command to configure Deployment Manager (DM) settings.

Syntax

config system dm

set concurrent-install-image-limit <integer>

set concurrent-install-limit <integer>

set concurrent-install-script-limit <integer>

set conf-merge-after-script {enable | disable}

set discover-timeout <integer>

set dpm-logsize <integer>

set fgfm-auto-retrieve-timeout <integer>

set fgfm-install-refresh-count <integer>

set fgfm-sock-timeout <integer>

set fgfm_keepalive_itvl <integer>

set force-remote-diff {enable | disable}

set fortiap-refresh-cnt <integer>

set fortiap-refresh-itvl <integer>

set fortiext-refresh-cnt <integer>

set handle-nonhasync-config {enable | disable}

set install-fds-timeout <integer>

set install-image-timeout <integer>

set install-tunnel-retry-itvl <integer>

set log-autoupdate {enable | disable}

set max-revs <integer>

set nr-retry <integer>

set retry {enable | disable}

set retry-intvl <integer>

set rollback-allow-reboot {enable | disable}

set script-logsize <integer>

set skip-scep-check {enable | disable}

set skip-tunnel-fcp-req {enable | disable}

set verify-install {enable | disable | optimal}

end

Variable	Description
concurrent-install-image-limit <integer>	The maximum number of concurrent installs (1 - 1000, default = 500).
concurrent-install-limit <integer>	The maximum number of concurrent installs (5 - 2000, default = 480).
concurrent-install-script-limit <integer>	The maximum number of concurrent install scripts (5 - 2000, default = 480).
conf-merge-after-script {enable \| disable}	Merge config after running the script on the remote device, instead of a full retrieve (default = disable).
discover-timeout <integer>	Check connection timeout when discovering a device (3 - 15, default = 6).
dpm-logsize <integer>	The maximum DPM log size per device, in kilobytes (1 - 10000, default = 10000).
fgfm-auto-retrieve-timeout <integer>	The maximum waiting time for auto retrieve in seconds (60 - 10800, default = 1800).
fgfm-install-refresh-count <integer>	The maximum FGFM install refresh attempts (default = 10).
fgfm-sock-timeout <integer>	The maximum FGFM communication socket idle time, in seconds (90 - 1800, default = 360).
fgfm_keepalive_itvl <integer>	The FortiManager/FortiGate communication protocol keep alive interval, in seconds (30 - 600, default = 120).
force-remote-diff {enable \| disable}	Enable/disable always using remote diff when installing (default = disable).
fortiap-refresh-cnt <integer>	Maximum auto refresh FortiAP number each time (1 - 10000, default = 500).
fortiap-refresh-itvl <integer>	Auto refresh FortiAP status interval, in minutes (1 - 1440, 0 to disable, default = 10).
fortiext-refresh-cnt <integer>	Maximum device number for FortiExtender auto refresh (1 - 10000, default = 50).
handle-nonhasync-config {enable \| disable}	Enable/disable nonhasync config handling (default = disable). `Disable`: Ignores and skips any `nonhasync` configuration installation to the remote device (FortiGate). `Enable`: Installs `nonhasync` configurations to the remote device (FortiGate). Allows updates to the nonhasync configurations and cluster member configurations. FortiGate configurations identified as `nonhasync` vary by platform and model and include HA configurations, `vdom-exception` configurations, and per-platform objects.
install-fds-timeout <integer>	Maximum waiting time for fgt update during install, in minutes (1-30, default 10).
install-image-timeout <integer>	Maximum waiting time for image transfer and device upgrade, in seconds (600 - 7200, default = 3600).
install-tunnel-retry-itvl <integer>	Time to re-establish tunnel during install, in seconds (10 - 60, default = 60).
log-autoupdate {enable \| disable}	Enable/disable autoupdate debug logging (default = disable).
max-revs <integer>	The maximum number of revisions saved (1 - 250, default = 100).
nr-retry <integer>	The number of times the FortiManager unit will retry (default = 1).
retry {enable \| disable}	Enable/disable configuration installation retries (default = enable).
retry-intvl <integer>	The interval between attempting another configuration installation following a failed attempt (default = 15).
rollback-allow-reboot {enable \| disable}	Enable/disable allowing a FortiGate unit to reboot when installing a script or configuration (default = disable).
script-logsize <integer>	Enter the maximum script log size per device, in kilobytes (1 - 10000, default = 100).
skip-scep-check {enable \| disable}	Enable/disable installing scep related objects even if the scep URL is configured (default = disable).
skip-tunnel-fcp-req {enable \| disable}	Enable/disable skipping the FCP request sent from an FGFM tunnel (default = enable).
verify-install {enable \| disable \| optimal}	Enable/disable verify install against remote configuration: `disable`: Disable. `enable`: Always verify installation (default). `optimal`: Verify installation for command errors.

Example

This example shows how to set up configuration installations. It shows how to set 5 attempts to install a configuration on a FortiGate device, waiting 30 seconds between attempts.

config system dm

set retry enable

set nr-retry 5

set retry-intvl 30

end

dm

Use this command to configure Deployment Manager (DM) settings.

Syntax

config system dm

set concurrent-install-image-limit <integer>

set concurrent-install-limit <integer>

set concurrent-install-script-limit <integer>

set conf-merge-after-script {enable | disable}

set discover-timeout <integer>

set dpm-logsize <integer>

set fgfm-auto-retrieve-timeout <integer>

set fgfm-install-refresh-count <integer>

set fgfm-sock-timeout <integer>

set fgfm_keepalive_itvl <integer>

set force-remote-diff {enable | disable}

set fortiap-refresh-cnt <integer>

set fortiap-refresh-itvl <integer>

set fortiext-refresh-cnt <integer>

set handle-nonhasync-config {enable | disable}

set install-fds-timeout <integer>

set install-image-timeout <integer>

set install-tunnel-retry-itvl <integer>

set log-autoupdate {enable | disable}

set max-revs <integer>

set nr-retry <integer>

set retry {enable | disable}

set retry-intvl <integer>

set rollback-allow-reboot {enable | disable}

set script-logsize <integer>

set skip-scep-check {enable | disable}

set skip-tunnel-fcp-req {enable | disable}

set verify-install {enable | disable | optimal}

end

Variable	Description
concurrent-install-image-limit <integer>	The maximum number of concurrent installs (1 - 1000, default = 500).
concurrent-install-limit <integer>	The maximum number of concurrent installs (5 - 2000, default = 480).
concurrent-install-script-limit <integer>	The maximum number of concurrent install scripts (5 - 2000, default = 480).
conf-merge-after-script {enable \| disable}	Merge config after running the script on the remote device, instead of a full retrieve (default = disable).
discover-timeout <integer>	Check connection timeout when discovering a device (3 - 15, default = 6).
dpm-logsize <integer>	The maximum DPM log size per device, in kilobytes (1 - 10000, default = 10000).
fgfm-auto-retrieve-timeout <integer>	The maximum waiting time for auto retrieve in seconds (60 - 10800, default = 1800).
fgfm-install-refresh-count <integer>	The maximum FGFM install refresh attempts (default = 10).
fgfm-sock-timeout <integer>	The maximum FGFM communication socket idle time, in seconds (90 - 1800, default = 360).
fgfm_keepalive_itvl <integer>	The FortiManager/FortiGate communication protocol keep alive interval, in seconds (30 - 600, default = 120).
force-remote-diff {enable \| disable}	Enable/disable always using remote diff when installing (default = disable).
fortiap-refresh-cnt <integer>	Maximum auto refresh FortiAP number each time (1 - 10000, default = 500).
fortiap-refresh-itvl <integer>	Auto refresh FortiAP status interval, in minutes (1 - 1440, 0 to disable, default = 10).
fortiext-refresh-cnt <integer>	Maximum device number for FortiExtender auto refresh (1 - 10000, default = 50).
handle-nonhasync-config {enable \| disable}	Enable/disable nonhasync config handling (default = disable). `Disable`: Ignores and skips any `nonhasync` configuration installation to the remote device (FortiGate). `Enable`: Installs `nonhasync` configurations to the remote device (FortiGate). Allows updates to the nonhasync configurations and cluster member configurations. FortiGate configurations identified as `nonhasync` vary by platform and model and include HA configurations, `vdom-exception` configurations, and per-platform objects.
install-fds-timeout <integer>	Maximum waiting time for fgt update during install, in minutes (1-30, default 10).
install-image-timeout <integer>	Maximum waiting time for image transfer and device upgrade, in seconds (600 - 7200, default = 3600).
install-tunnel-retry-itvl <integer>	Time to re-establish tunnel during install, in seconds (10 - 60, default = 60).
log-autoupdate {enable \| disable}	Enable/disable autoupdate debug logging (default = disable).
max-revs <integer>	The maximum number of revisions saved (1 - 250, default = 100).
nr-retry <integer>	The number of times the FortiManager unit will retry (default = 1).
retry {enable \| disable}	Enable/disable configuration installation retries (default = enable).
retry-intvl <integer>	The interval between attempting another configuration installation following a failed attempt (default = 15).
rollback-allow-reboot {enable \| disable}	Enable/disable allowing a FortiGate unit to reboot when installing a script or configuration (default = disable).
script-logsize <integer>	Enter the maximum script log size per device, in kilobytes (1 - 10000, default = 100).
skip-scep-check {enable \| disable}	Enable/disable installing scep related objects even if the scep URL is configured (default = disable).
skip-tunnel-fcp-req {enable \| disable}	Enable/disable skipping the FCP request sent from an FGFM tunnel (default = enable).
verify-install {enable \| disable \| optimal}	Enable/disable verify install against remote configuration: `disable`: Disable. `enable`: Always verify installation (default). `optimal`: Verify installation for command errors.

Example

This example shows how to set up configuration installations. It shows how to set 5 attempts to install a configuration on a FortiGate device, waiting 30 seconds between attempts.

config system dm

set retry enable

set nr-retry 5

set retry-intvl 30

end

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

CLI Reference

dm

dm

Syntax

Example

dm

dm

Syntax

Example