Device Configurations – FortiManager 5.2

Downloading and importing a configuration file

You can download a configuration file to a local computer. You can also import the file back to the FortiManager repository.

To download a configuration file to a local computer:

  1. In the content pane with a device already selected, go to the Configuration and Installation Status widget and, in the Total Revisions row, select Revision History.
  2. Select the ID for the revision you want to download.
  3. Select the Download
  4. Select Regular or Encrypted download type. If you select Encrypted Download, type a password.
  5. Select OK.
  6. Specify a location to save the configuration file on the local computer.
  7. Select Save.

To import a configuration file from a local computer:

  1. In the content pane with a device already selected, go to the Configuration and Installation Status widget and, in the Total Revisions row, select Revision History.
  2. Select Import.
  3. Select the location of the configuration file or choose Browse to locate the file.
  4. If the file is encrypted, select the File is Encrypted check box and type the password.
  5. Select OK.

Comparing different configuration files

You can compare the changes or differences between two versions of a configuration file by using the Diff function.

The Diff function behaves differently under certain circumstances.

For example, when a device is first added to the FortiManager system, the FortiManager system gets the configuration file directly from the FortiGate unit and stores it as is. This configuration file is version/ID 1.

If you make changes to the device configuration on the Device Manager tab and select Commit, the new configuration file will be saved as version/ID 2. If you use the Diff icon to view the changes/differences between version/ID 1 and version/ID 2, you will be shown more changes than you have made.

This happens because the items in the file version/ID 1 are ordered as they are on the FortiGate unit. Configurations of version/ID 2 are sequenced differently when they are edited and committed in the Device Manager. Therefore, when you compare version/ID 1 and version/ID 2, the Diff function sees every item in the configuration file as changed.

If you take version/ID 2, change an item and commit it, the tag is changed to version/ID 3. If you use Diff with version/ID 2 and version/ID 3, only the changes that you made will be shown. This is because version/ID 2 and version/ID 3 have both been sequenced in the same way in the Device Manager.
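The ordering effect described above can be reproduced outside FortiManager when auditing downloaded revisions. The following is an added example, not FortiManager or Fortinet code: it compares two revisions by setting rather than by line, assuming FortiOS CLI-style config/edit/set/next/end syntax with single-line set statements. The sample revisions and all function names are constructed for illustration.

```python
import difflib
# Constructed sample revisions: REV1 in device order, REV2 re-sequenced plus one real change.
REV1 = """\
config system global
    set hostname "FGT-LAB"
end
config system interface
    edit "port2"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping
    next
end
"""
REV2 = """\
config system interface
    edit "port2"
        set allowaccess ping https
        set ip 198.51.100.1 255.255.255.0
    next
end
config system global
    set hostname "FGT-LAB"
end
"""

def flatten(text):
    """Map (section path, key) -> value so statement order no longer matters."""
    settings, path = {}, []
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word in ("config", "edit"):
            path.append(line)  # enter a section or table entry
        elif word in ("next", "end") and path:
            path.pop()  # leave it
        elif word == "set":
            key, _, value = rest.partition(" ")
            settings[(tuple(path), key)] = value
    return settings

def semantic_diff(old_text, new_text):
    """List (setting, old value, new value) for settings whose values differ."""
    old, new = flatten(old_text), flatten(new_text)
    keys = sorted(old.keys() | new.keys())
    return [(k, old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)]

def line_diff_count(old_text, new_text):
    """Count lines a plain line-by-line diff marks as added or removed."""
    diff = difflib.ndiff(old_text.splitlines(), new_text.splitlines())
    return sum(1 for d in diff if d.startswith(("+ ", "- ")))
```

Calling semantic_diff(REV1, REV2) reports only the allowaccess change on port2, while line_diff_count(REV1, REV2) flags many more lines because the sections and statements were re-sequenced.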

The following procedures assume that you are already viewing the devices’ menus in the left-hand pane.

To compare different configuration files:

  1. In the content pane with a device already selected, go to the Configuration and Installation Status widget and, in the Total Revisions row, select Revision History.
  2. In the Total Revisions row, select the Revision Diff icon.

     [Figure: Revision diff dialog box]

  3. Select either the previous version or specify a different configuration version to compare in Diff From.
  4. Select whether to display the full configuration file (Full Content) or only the differences (Diff Only) in Output.

     The Full Content mode shows all configuration settings and highlights all configuration differences, while the Diff Only mode solely highlights configuration differences.

  5. Select Apply.

The configuration differences are displayed in colored highlights.

To revert to another configuration file:

  1. In the content pane with a device already selected, go to the Configuration and Installation Status widget and, in the Total Revisions row, select Revision History.
  2. Select the Revert icon for the revision you want to revert to.
  3. Select OK.
