FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
asrour
Staff
Article Id 280034
Description

This article describes the difference between the Retrieve and Import actions, and why the latter is sometimes required to properly synchronize changes made on the FortiGate with FortiManager.

To explain the purpose of the Import, this article also describes the difference between a FortiGate Device-level database and the ADOM database, which is shared by all FortiGates in that ADOM.

Scope

FortiManager.
Solution

To understand why Import is important, take a look at two types of databases in FortiManager:

 

  • Device database: FortiManager maintains a device database for each managed device, and it is possible to access the device database for each device. The device database is used to view and monitor information about individual devices. It is also possible to use the device database to configure individual devices.

 

  • Policy and Object database: This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, and access rules.

 

  1. The Device database.

The device database (DB) includes the device-level settings, which are the settings displayed in Device Manager and are specific to each device.

These include but are not limited to:

  • Network Settings such as Interfaces, Routing, DNS, etc.
  • System settings such as Administrators, Admin settings, SNMP, etc.
  • Security Fabric Settings.
  • VPN settings (IPSec tunnels).
  • Log & Report Settings.

 

  2. The Policy and Objects database.

The Policy and Objects database includes the policies of the firewall and the related objects.

These include but are not limited to:

  • Firewall Policies.
  • Addresses and Address groups, VIPs, Services and Service Groups, IP Pools.
  • Security Profiles (Web filter, App filters, DNS filters, etc.).
  • Fabric and External connectors.
  • Users and Authentication.

 

Retrieve vs Import.

 

Retrieve:

In the Device Manager, double-click the firewall and go to Dashboard -> Configuration and installation widget -> total revisions -> retrieve config.

 


 

After the retrieve, the Config Status will be synchronized.

 


 

  • The running configuration revision on the FortiGate will be retrieved to the FortiManager (which includes the Device Manager Database & Policy and Objects Database).
  • Any changes in the device database (done on the FortiGate directly) will be reflected immediately in the FortiManager Device Manager database.
  • Any changes in policy and objects will NOT be updated in the Policy and Objects database in FortiManager.

 

Import:

To update these changes in Policy and Objects, it is necessary to import the configuration from the firewall.

 

This can be done by right-clicking the firewall and selecting Import Configuration.

 


 

Then follow the wizard to import the policies and objects from the FortiGate.

 

Note:

The import is done from the latest revision that is in Device Manager, so always make sure that the config status is green before importing.
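
To check whether a retrieved revision contains changes that still need an Import, the following added example (not Fortinet code and not part of the original article) diffs two FortiGate configuration revisions and sorts the changed entries into device-level changes, which Retrieve brings into the device database, and policy and object changes, which require an Import. The section-prefix mapping is an assumption derived from the two lists above, and both revisions are constructed samples.

```python
# Added example, not Fortinet code: group config changes by FortiManager database.
# Assumption: prefixes come from the article's Policy and Objects list;
# FortiManager's own mapping is more detailed than this.
POLICY_OBJECT_PREFIXES = ("firewall ", "webfilter ", "application ", "dnsfilter ", "user ")

def parse_config(text):
    """Map (top-level section, entry id) -> tuple of config lines."""
    entries, depth, section, entry = {}, 0, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            depth += 1
            if depth == 1:                      # new top-level section
                section, entry = line[len("config "):], ""
                continue
        elif line == "end":
            depth -= 1
            if depth == 0:                      # top-level section closed
                section = None
                continue
        elif depth == 1 and line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            entries.setdefault((section, entry), [])
            continue
        elif depth == 1 and line == "next":
            entry = ""
            continue
        if section is not None:                 # set lines and nested blocks
            entries.setdefault((section, entry), []).append(line)
    return {key: tuple(lines) for key, lines in entries.items()}

def classify_changes(old_text, new_text):
    """Return (device_level, policy_object) lists of changed (section, entry) keys."""
    old, new = parse_config(old_text), parse_config(new_text)
    changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    policy = [k for k in changed if k[0].startswith(POLICY_OBJECT_PREFIXES)]
    device = [k for k in changed if k not in policy]
    return device, policy

# Constructed sample revisions (not from a real device).
REV_OLD = ('config system interface\nedit "port1"\nset ip 192.0.2.1 255.255.255.0\nnext\nend\n'
           'config firewall policy\nedit 1\nset action accept\nnext\nend\n')
REV_NEW = REV_OLD.replace("192.0.2.1", "192.0.2.2").replace(
    "accept\nnext\n", "accept\nnext\nedit 2\nset action deny\nnext\n")

if __name__ == "__main__":
    device, policy = classify_changes(REV_OLD, REV_NEW)
    print("Updated by Retrieve (device database):", device)
    print("Needs Import (Policy and Objects):", policy)
```
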

 

 

 
