Appendix A - managed FortiGate CLI objects and attributes

SD-WAN Orchestrator MEA can create and manage some, but not all FortiGate CLI objects and attributes. SD-WAN Orchestrator MEA uses two methods to manage objects. Some objects are managed by the first method, and some objects are managed by the second method. SD-WAN Orchestrator MEA uses the following methods to manage FortiOS CLI objects:

Manage partial objects for a FortiOS command and use an ID, name, or description to indicate when an object is managed by SD-WAN Orchestrator MEA
For example, with the config router static command, SD-WAN Orchestrator MEA only manages ID range 1,000,000 to 1,100,000. If you create a static route with ID = 100 on FortiGate or FortiManager, SD-WAN Orchestrator MEA does not touch the static route.
Manage all objects for a FortiOS command
When this method is used, it affects some objects created by FortiOS or FortiManager. When you create a FortiGate object by using FortiOS or FortiManager, the object is removed by SD-WAN Orchestrator MEA when the Install configuration option is executed.

For example, if you use FortiOS or FortiManager to create an SD-WAN health-check server with name XXX by using the config system sdwan -> config health-check command, SD-WAN Orchestrator MEA removes the health-check server with name XXX when you execute the Install configuration option.

SD-WAN Orchestrator MEA uses the following methods to manage different attributes of FortiOS CLI objects:

For attributes managed by SD-WAN Orchestrator MEA, you can use FortiOS or FortiManager to change the attribute, but SD-WAN Orchestrator MEA overwrites the change.
For example, SD-WAN Orchestrator MEA was used to configure a static route:

Config router static

edit 1000001

set dst 10.248.0.0 255.252.0.0

set comment "SDWAN.Orchestrator.created.automatically."

set blackhole enable

next

end

SD-WAN Orchestrator MEA manages following static route attributes: device, distance, priority, gateway, dst, virtual-wan-link, sdwan, comment, blackhole, status

If you change the static route by using FortiOS to:

Config router static

edit 1000001

set dst 10.248.0.0 255.252.0.0

set comment "SDWAN.Orchestrator.created.automatically."

set blackhole disable

next

end

SD-WAN Orchestrator MEA overwrites the change made by FortiOS and sets blackhole back to enable.
For attributes not managed by SD-WAN Orchestrator MEA, you can change the attributes using any method you like, and SD-WAN Orchestrator MEA does not change the attribute.
Some attributes are initiated by SD-WAN Orchestrator MEA, but not managed by SD-WAN Orchestrator MEA. In this case, SD-WAN Orchestrator MEA sets the attribute when it creates the object, but you can change the attribute using any method you like, and SD-WAN Orchestrator MEA will not overwrite your changes.

SD-WAN Orchestrator MEA manages the following FortiGate CLI objects and attributes:

For information about all FortiOS configuration commands, see the FortiOS 7.0 CLI Reference.

Appendix A - managed FortiGate CLI objects and attributes

Manage partial objects for a FortiOS command and use an ID, name, or description to indicate when an object is managed by SD-WAN Orchestrator MEA

For example, with the config router static command, SD-WAN Orchestrator MEA only manages ID range 1,000,000 to 1,100,000. If you create a static route with ID = 100 on FortiGate or FortiManager, SD-WAN Orchestrator MEA does not touch the static route.

Manage all objects for a FortiOS command

When this method is used, it affects some objects created by FortiOS or FortiManager. When you create a FortiGate object by using FortiOS or FortiManager, the object is removed by SD-WAN Orchestrator MEA when the Install configuration option is executed.

For example, if you use FortiOS or FortiManager to create an SD-WAN health-check server with name XXX by using the config system sdwan -> config health-check command, SD-WAN Orchestrator MEA removes the health-check server with name XXX when you execute the Install configuration option.

SD-WAN Orchestrator MEA uses the following methods to manage different attributes of FortiOS CLI objects:

For attributes managed by SD-WAN Orchestrator MEA, you can use FortiOS or FortiManager to change the attribute, but SD-WAN Orchestrator MEA overwrites the change.

For example, SD-WAN Orchestrator MEA was used to configure a static route:

Config router static

edit 1000001

set dst 10.248.0.0 255.252.0.0

set comment "SDWAN.Orchestrator.created.automatically."

set blackhole enable

end

SD-WAN Orchestrator MEA manages following static route attributes: device, distance, priority, gateway, dst, virtual-wan-link, sdwan, comment, blackhole, status

If you change the static route by using FortiOS to:

Config router static

edit 1000001

set dst 10.248.0.0 255.252.0.0

set comment "SDWAN.Orchestrator.created.automatically."

set blackhole disable

end

SD-WAN Orchestrator MEA overwrites the change made by FortiOS and sets blackhole back to enable.

For attributes not managed by SD-WAN Orchestrator MEA, you can change the attributes using any method you like, and SD-WAN Orchestrator MEA does not change the attribute.

Some attributes are initiated by SD-WAN Orchestrator MEA, but not managed by SD-WAN Orchestrator MEA. In this case, SD-WAN Orchestrator MEA sets the attribute when it creates the object, but you can change the attribute using any method you like, and SD-WAN Orchestrator MEA will not overwrite your changes.

SD-WAN Orchestrator MEA manages the following FortiGate CLI objects and attributes:

For information about all FortiOS configuration commands, see the FortiOS 7.0 CLI Reference.

SD-WAN Orchestrator 7.0.0.r2 Administration Guide

Appendix A - managed FortiGate CLI objects and attributes

Appendix A - managed FortiGate CLI objects and attributes

Appendix A - managed FortiGate CLI objects and attributes