Fortinet black logo

Configuration Management

Copy Link
Copy Doc ID dd09e35b-031d-11e9-b86b-00505692583a:51427
Download PDF

Configuration Management

If there is more than one admin account per ADOM, enable workspace - either normal or workflow to control concurrent operator usage. See Concurrent administrators.

Use FortiManager to make FortiGate changes, rather than making changes in the FortiGate GUI. If changes will by made in the FortiGate GUI, use Backup Mode. See Normal versus Backup Mode.

When importing policy packages:

  • Be careful when handling object conflicts: Choosing the FortiGate value will override the FortiManager value and might affect other FortiGates in that ADOM. See What to do when an object conflict occurs.
  • Include unused objects if you think you might use them in the future: FortiManager will remove unused objects on the FortiGate during the next install. Note that periodic cleanup of unused objects at the ADOM level is recommended. See What to do with unused objects.
  • Download the Import Policy Report if you need a record of the import, including any changes made to objects to resolve object conflicts. See Import report.

When installing policy packages (see Installing policy packages):

  • Each managed device should only have one policy package associated with it. This reduces the chances of administrative error when installing a policy package.
  • When installing a policy package, review the Install Preview before completing the install.

Configuration Management

If there is more than one admin account per ADOM, enable workspace - either normal or workflow to control concurrent operator usage. See Concurrent administrators.

Use FortiManager to make FortiGate changes, rather than making changes in the FortiGate GUI. If changes will by made in the FortiGate GUI, use Backup Mode. See Normal versus Backup Mode.

When importing policy packages:

  • Be careful when handling object conflicts: Choosing the FortiGate value will override the FortiManager value and might affect other FortiGates in that ADOM. See What to do when an object conflict occurs.
  • Include unused objects if you think you might use them in the future: FortiManager will remove unused objects on the FortiGate during the next install. Note that periodic cleanup of unused objects at the ADOM level is recommended. See What to do with unused objects.
  • Download the Import Policy Report if you need a record of the import, including any changes made to objects to resolve object conflicts. See Import report.

When installing policy packages (see Installing policy packages):

  • Each managed device should only have one policy package associated with it. This reduces the chances of administrative error when installing a policy package.
  • When installing a policy package, review the Install Preview before completing the install.