Description
This article describes how disable/re-enable automatic synchronization of the FortiAnalyzer and FortiManager configurations, on downstream device, when Security Fabric has been configured.
Scope
FortiGate.
Solution
In Security Fabric topology, central management configuration is done on the root/upstream unit and propagated to the downstream unit(s).
FortiGates need to override these settings, while keeping device in Security Fabric topology, this can be done via CLI using the below commands:
From CLI:
config system csf
set configuration-sync local
end
*local -> Does not synchronize the configuration with the root FortiGate, and FortiGate must configure settings individually.
Should FortiGate need re-enable the synchronization, the command is:
From CLI:
config system csf
set configuration-sync default
end
*default -> Synchronizes the configuration for FortiAnalyzer, FortiSandbox, and Central Management to the root FortiGate
Before disabling automatic synchronization:
After enabling automatic synchronization:
After disabling automatic synchronization:
