Skip to main content
LabFound
  1. Fortinet/

FortiManager - Installing Configuration Changes

·
Fortimanager Fortigate
Table of Contents

When managing FortiGate devices with FortiManager, configuration changes made in the device database are not applied automatically. This article explains how to install device-level configuration changes on managed FortiGate devices using FortiManager, covering the Install Wizard and Quick Install methods.

Installing Device Settings
#

After making changes to a managed device configuration from FortiManager, they are not automatically applied to the FortiGate. Different installation methods exist for actually applying device settings to a managed FortiGate, including:

  • Install Wizard
    • Install Policy Package & Device Settings
    • Install Device Settings (only)
  • Quick Install (Device DB)

For example, an interface administrative access is changed on a managed FortiGate:

  1. Under Device Manager > Device & Groups, select the desired device to be configured.
  2. In this example, port7 is edited:
Edit network interface on FortiManager
  1. HTTPS and SSH administrative access is enabled on the device:
Edit administrative access of network interface on FortiManager
  1. Returning to the managed devices list, verify the Config Status of the device has been changed from Synchronized to Modified:
Config Status changed from Synchronized to Modified on FortiManager
  1. Navigating to the device database, go to Dashboard: Summary and scroll down to the Configuration and Installation widget. Here, the Install Preview option allows to verify the changes made to the device database on FortiManager:
Install preview on device database on FortiManager

This preview includes the commands that will be configured on the FortiGate once they are send for installation:

Install preview on FortiManager

Up to this point, the FortiGate managed device hasn’t received these changes. These must be applied using one of the installation methods on FortiManager. Following, the different install methods are discussed and tested.

Install Wizard
#

To install changes on a managed device from FortiGate using the Install Wizard, follow these steps:

  1. Under Device Manager > Device & Groups, select the device (or devices) where new configuration settings will be applied. Then select Install > Install Wizard (alternatively, select the Install Wizard option at the top bar):
Install wizard option on FortiManager
  1. As the first step of the Install Wizard, the Install Device Settings (only) option is selected in this case. However, the install wizard provides two options.
  • Install Policy Package & Device Settings - select this option if changes have been made to the device-level configuration and policies in the policy packages:
Install Policy Package & Device Settings option on Install Wizard step 1 on FortiManager

This option will effectively install the device-specific settings and the policy package changes.

  • Install Device Settings (only) - select this option if only device-level changes been made from FortiManager:
Install Device Settings on Install Wizard step 1 on FortiManager

This option will effectively install device-specific settings but the policy package settings won’t be modified.

  1. On the next step, you can select the device(s) on which you want to install the changes:
Select devices on Install Wizard step 2 on FortiManager
  1. On the third step, FortiManager checks the device settings comparing them with the latest revision history. The Install Preview option allows to view the configuration changes that will be installed on the FortiGate:
Validate devices on Install Wizard step 3 on FortiManager

The installation preview menu allows to download the configuration changes on a TXT file:

Install preview on Install Wizard step 3 on FortiManager

If this validation results in a conflict error, fix the configuration problem and execute the Install Wizard again.

  1. The last step to actually apply the configuration on the managed device(s) is to select the Install option. The installation process starts:
Installation progress on Install Wizard step 4 on FortiManager
  1. Once the installation process finishes, you can select the task and press the View Installation Log button to view the configuration changes installed on the device:
Installation progress completed on Install Wizard step 4 on FortiManager

In case an installation error occurred, the log will reflect where the failure happened:

View install log on Install Wizard step 4 on FortiManager
  1. In case the installation was successful, the device Config Status should now be Synchronized:
Synchronized config status after Install wizard completed

A new configuration revision is also created:

Configuration revision history after install wizard

Quick Install (Device DB)
#

An alternative option for installing device-level settings on managed devices from FortiManager is to use the Quick Install (Device DB) installation. This is a faster way for applying changes compared to Install Wizard, however you can’t preview these changes before applying them.

If you are not sure about what changes will be applied when using Quick Install (Device DB), use the Install Wizard instead to have a preview of these changes.

To use the Quick Install (Device DB) installation method, follow these steps:

  1. Under Device Manager > Device & Groups, select the device (or devices) where new configuration settings will be applied. Next, select Install > Quick Install (Device DB):
Quick install option on FortiManager
  1. The device-level settings will be applied right after pressing OK:
Quick install confirmation on FortiManager
  1. Wait for the installation to complete and press Finish:
Quick install completed on FortiManager

Once the process finishes or interrupts because of an error you can use the View Installation Log button to get more details.

Installation Process Summary
#

This diagram explains two different processes regarding device-level settings changes and the installation process on FortiManager:

FortiManager installation process diagram
Diagram based on FortiManager 7.6 Administrator Study Guide (pg. 122)
  1. When making changes to the device-level database it gets compared to the latest configuration revision of the managed device. If they don’t match, the device config status is changed to Modified.
  2. When running the Install Wizard to install changes on a managed device, FortiManager compares the latest configuration revision with the device-level database. In case they are different, FortiManager creates a new configuration revision, install the changes on the managed devices and changes the managed device config status to Synchronized if the changes were successfully installed.