Config Save Revert on a FortiGate

By default, a FortiGate does autosave the configuration, every time you press Apply or OK in the GUI.

On the CLI the config becomes active and is saved when you leave a config block by typing next or end.

If you configure something on your FortiGate which disables the connectivity from you to your firewall, this behaviour is bad.

It is possible on the FortiGate to change it to “Config Save Revert”. Now you have to save the configuration manually in a specified time frame, otherwise the change is reverted.

Example: You change the default gateway. When you press enter, you realise you made a typo and the firewall is not reachable anymore.

Before you do now dangerous modifications, change the behaviour of the FortiGate.

config system global
        set cfg-save revert
        set cfg-revert-timeout 600

The timeout specifies the timeframe in seconds in which you have to save the configuration manually, otherwise it is reverted.

If you have done your change and your are happy, type

execute cfg save

and everything is fine. Otherwise you wait 600 seconds and the FortiGate reverts the change.


Now you can put the FortiGate back to normal behaviour:

config system global
        set cfg-save automatic