Technical Tip: How to use the 'Auto-Push Policy Packages When Device Back Online' feature on FortiManager

lingky88 · ‎11-05-2023

Description

This article describes how the 'Auto-Push Policy Packages When Device Back Online' feature is used on FortiManager.

Scope

FortiManager.

Solution

The 'Auto-Push Policy Packages When Device Back Online' feature is designed to select offline devices to install and then install the changes to them. When the device comes back online, the installation will then be triggered automatically. This can be enabled under System Settings -> All ADOMs -> Edit ADOM Settings.

1. Enable setting.png

2. Device Offline.png

Make a change to the Policy Package, i.e. create a new firewall policy on FortiManager, and note that the policy package status will be Modified after.

3. Make Change.png

4. No policy on FGT.png

On the FortiManager, install the policy package and device settings onto the FortiGate that is currently offline. Note that after installing, a message stating that 'Copy to offline device(<device_name>) done. Install will be performed when the device goes online' will appear.

Note:
If the 'Auto-Push Policy Packages When Device Back Online' feature is NOT enabled for the ADOM, it is not possible to install on an offline device.

5. Install Wizard.png

The Config Status will then become Modified, whereas the Policy Package Status becomes Synchronized for the offline device.

6. Status.png

Wait for the FortiGate to come back online. Afterwards, FortiManager will push the installation. If the installation is successful, the Config Status becomes Synchronized. Under the Revision History, an entry for the AutoPush will be visible.

7. AutoPush.png

Under the Task Monitor, an entry that shows that the AutoPush took place will be also visible.

8. Task Monitor.png

Lastly, verify that the newly created policy that was created when the device was offline is now present on the FortiGate.

9. New Policy Present.png