Config Save Revert on a FortiGate

Post author:Peter Bruderer
Post published:21.02.2018
Post category:Fortinet

By default, a FortiGate does autosave the configuration, every time you press Apply or OK in the GUI.

On the CLI the config becomes active and is saved when you leave a config block by typing next or end.

If you configure something on your FortiGate which disables the connectivity from you to your firewall, this behaviour is bad.

It is possible on the FortiGate to change it to “Config Save Revert”. Now you have to save the configuration manually in a specified time frame, otherwise the change is reverted.

Example: You change the default gateway. When you press enter, you realise you made a typo and the firewall is not reachable anymore.

Before you do now dangerous modifications, change the behaviour of the FortiGate.

config system global
        set cfg-save revert
        set cfg-revert-timeout 600
end

The timeout specifies the timeframe in seconds in which you have to save the configuration manually, otherwise it is reverted.

If you have done your change and your are happy, type

execute cfg save

and everything is fine. Otherwise you wait 600 seconds and the FortiGate reverts the change.

Now you can put the FortiGate back to normal behaviour:

config system global
        set cfg-save automatic
end

Tags: Commandline, Fortigate

You Might Also Like

diag sys top – List processes on a FortiGate

FortiGate Command Line Shortcuts

FortiGate Session Timeout