Configuration Confirmation on Fortigate

I am not a “Juniper guy” but I will say that their ‘commit confirm’ command is brilliant. Every engineer that has worked on gear remotely does the “three-finger validation” keystroke. That is when you make the change and hit the ‘enter’ key three times to ensure you are still connected.

In Cisco, you can do a ‘reload in %minutes%’. I have a timer on my MacBook that is set for 8 minutes. I have a workflow that every time I enter the “reload in” I use 10 Minutes. So the clock will pop up in 8 minutes and literally says “cancel the reload stupid”. I cannot tell you how many times I did the reload in 10, made my changes, and continued only to have the device reboot on me because I forgot to cancel it.

Fortigates also have the ability to do the same. Here is the specifics.

Fortigates will auto-save the changes you make when you hit the OK or Apply buttons. From the command line, it auto-saves when you type ‘end’ or ‘next’. This CAN be a problem for obvious reasons. If you were to make a change where you modify the routing table, and it was added in error, you COULD lose connectivity to the device.

config system global
set cfg-save revert
set cfg-revert-timeout 600
end

The timeout specifies the timeframe in seconds in which you have to save the configuration manually, otherwise it is reverted.

What the above command means is that you will need to confirm the changes within 600 seconds or the previous config is restored.

You can make this change before you make a risky change and once completed, you can reverse it with the following command:

config system global
set cfg-save automatic
end

If you are on the CLI and want to confirm the configuration

enter the exec cfg save command .

Hope this helps

Thanks to my colleague Omar Ortiz