Reset:
exe reset all-settings
exe reset all-except-ip !! keep interface and routing configuration
exe format{disk} deep-erase
ADOM:
Used to divide administration of devices and control (restrict) access
ADOM Mode:
Normal: full access to make changes from FortiManager to ADOM and managed devices
Backup: changes are always made directly on the managed device; on FMG, only scripts can be used to make changes.
Device Manager changes on managed devices are auto-updated in the FMG revision history
Device Manager changes only, no Policy & Objects changes.
ADOM device Mode:
Normal: A FG to a single ADOM
Advanced: Different VDOMs from the same FG to different ADOMs
Group (ADOM) based on device type, then FortiOS version then others.
Workspace mode
disable concurrent ADOM access
can lock an ADOM, a device or a policy package
only one admin has Read/Write access, others have read-only access
When workspace mode is enabled, Device Manager and Policy & Objects are read-only. You must lock the ADOM, a device, or a policy package before you can make any changes
Moving devices to a different ADOM does not update the policies and objects in the ADOM database. You must import policies and objects into a new ADOM.
Policy change is made on FG
Config Status: Auto-Updated (the change is not reflected in the GUI Policy Package, but there is a new (current) revision history entry)
Policy Package Status: Out of Sync
Policy change is made on FM:
Config Status: Synchronized (no change)
Policy Package Status: Modified
Device setting change is made on FM
Config Status: Modified
Policy Package Status: Synchronized (Installed)
Device setting change is made on FG
Config Status: Auto-Updated (FM GUI info gets updated). If the device setting comes from a Provisioning Template, Install will overwrite the change made on FG.
Policy Package Status: Synchronized (Installed)
Device setting change is made on both FM and FG
Config Status: Modified (recent Auto-Updated)
Policy Package Status: Synchronized (Installed)
Either a device setting change or a policy change on FG will set FM Config Status to "Auto-Updated"
diag dvm device list
diag fgfm session-list
FGFM daemon:
FortiGate: fgfmd
FortiManager: fgfmsd
TCP/541
FortiGate needs FMG-Access enabled on the interface to FortiManager
169.254.0.0/24 for tunnels, 169.254.0.1 is FortiManager
Uses the serial number for tunnel authentication
diag dvm device list
diag fgfm session-list
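An added example (not part of the original notes, and not Fortinet code): a Python check that lists which interfaces in a FortiGate configuration have FMG-Access (allowaccess value fgfm) enabled and compares them with the interfaces meant to face FortiManager. The sample config, the interface names and the function names are constructed for illustration.

```python
# Constructed sample of a FortiGate interface section (not from the original notes).
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set allowaccess ping https ssh fgfm
    next
    edit "wan1"
        set allowaccess ping fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "lan"
        set allowaccess ping https
    next
end
"""

def fgfm_interfaces(config_text):
    """Return names of interfaces whose allowaccess list includes fgfm."""
    enabled, in_section, depth, current = [], False, 0, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not in_section:
            in_section = words == ["config", "system", "interface"]
        elif words[:1] == ["config"]:
            depth += 1                      # nested block such as "config ipv6"
        elif words == ["end"]:
            if depth:
                depth -= 1
            else:
                in_section = False          # end of the interface section
        elif depth == 0 and words[:1] == ["edit"] and len(words) > 1:
            current = words[1].strip('"')
        elif depth == 0 and words[:2] == ["set", "allowaccess"] and current:
            if "fgfm" in words[2:]:
                enabled.append(current)
    return enabled

def audit_fgfm(config_text, expected):
    """Compare fgfm-enabled interfaces with the intended management interfaces."""
    found, expected = set(fgfm_interfaces(config_text)), set(expected)
    return {
        "unexpected": sorted(found - expected),  # FMG-Access enabled where not intended
        "missing": sorted(expected - found),     # intended interface lacks FMG-Access
    }

if __name__ == "__main__":
    print(audit_fgfm(SAMPLE_CONFIG, expected={"mgmt"}))
```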
Retrieve Config
- Purpose: Downloads the current running or startup configuration from the FortiGate device.
- Scope: Retrieves the full device configuration (system settings, interfaces, policies, etc.).
- Use Case: Typically used to view or back up the current configuration without affecting the policy package.
- Does Not Update: The policy package or objects in FortiManager.
- Policy Package status: changes to Unknown; installing the policy sets the status back to Synchronized.
Import Configuration
- Purpose: Imports the FortiGate configuration into FortiManager and creates or updates a policy package.
- Scope: Parses the retrieved config and maps it to FortiManager’s policy and object database.
- Use Case: Used when you want FortiManager to take over management of a FortiGate or sync changes made directly on the FortiGate.
- Updates: The policy package, objects, and mappings in FortiManager.
Revert config:
This step only affects the device-level configuration. The policy package is not updated yet.
Config Status: Modified
Policy Package Status: Unknown