From ggiesen at giesen.me  Thu Apr 17 18:55:12 2025
From: ggiesen at giesen.me (Gary T. Giesen)
Date: Thu, 17 Apr 2025 14:55:12 -0400 (EDT)
Subject: [rancid] RANCiD with Fortinet FortiGate firewalls and cfg-save
 revert
In-Reply-To: <Z9n5s0VPDouvTtlE@shrubbery.net>
References: <732315247.965235.1740675746671@office.mailbox.org>
 <Z9n5s0VPDouvTtlE@shrubbery.net>
Message-ID: <2121012939.38997.1744916112613@office.mailbox.org>


> On 2025-03-18 6:54 PM EDT heasley <heas at shrubbery.net> wrote:

> > Has anyone dealt with this issue with RANCiD and cfg-save revert on Fortinet FortiGate firewalls? Is there any solution other than to just disable cfg-save revert (by setting it to automatic or manual).
> 
> No one has mentioned this behavior before, but I do not know how commonly
> this 'cfg-save revert' knob is configured.  If it is common, maybe you are
> using a feature that causes this reboot or have encountered a bug.

'cfg-save revert' causes a reboot by design (see https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-save-option-set-cfg-save-revert-to/ta-p/191106), I was just curious if anyone had a workaround for disabling paging that didn't trigger a configuration change.

We've changed them to 'cfg-save manual' which seems to work (although we're always showing configuration changes), although we've lost the ability to auto-revert if we get locked out of the device.

By default the devices come with 'cfg-save automatic'.

Cheers,

Gary T. Giesen


From heas at shrubbery.net  Fri Apr 18 20:38:46 2025
From: heas at shrubbery.net (heasley)
Date: Fri, 18 Apr 2025 20:38:46 +0000
Subject: [rancid] RANCiD with Fortinet FortiGate firewalls and cfg-save
 revert
In-Reply-To: <2121012939.38997.1744916112613@office.mailbox.org>
References: <732315247.965235.1740675746671@office.mailbox.org>
 <Z9n5s0VPDouvTtlE@shrubbery.net>
 <2121012939.38997.1744916112613@office.mailbox.org>
Message-ID: <aAK4VlkViD1T2Y2c@shrubbery.net>

Thu, Apr 17, 2025 at 02:55:12PM -0400, Gary T. Giesen:
> 
> > On 2025-03-18 6:54 PM EDT heasley <heas at shrubbery.net> wrote:
> 
> > > Has anyone dealt with this issue with RANCiD and cfg-save revert on Fortinet FortiGate firewalls? Is there any solution other than to just disable cfg-save revert (by setting it to automatic or manual).
> > 
> > No one has mentioned this behavior before, but I do not know how commonly
> > this 'cfg-save revert' knob is configured.  If it is common, maybe you are
> > using a feature that causes this reboot or have encountered a bug.
> 
> 'cfg-save revert' causes a reboot by design (see https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-save-option-set-cfg-save-revert-to/ta-p/191106), I was just curious if anyone had a workaround for disabling paging that didn't trigger a configuration change.

You could, and I would encourage, open a support ticket for this feature;
"terminal attributes, such as disabling the pager, should be per-tty,
ephemeral, and not be done in configuration mode nor require elevated
permissions."

> We've changed them to 'cfg-save manual' which seems to work (although we're always showing configuration changes), although we've lost the ability to auto-revert if we get locked out of the device.
> 
> By default the devices come with 'cfg-save automatic'.
> 
> Cheers,
> 
> Gary T. Giesen


From ggiesen at giesen.me  Thu Apr 24 18:12:13 2025
From: ggiesen at giesen.me (Gary T. Giesen)
Date: Thu, 24 Apr 2025 14:12:13 -0400 (EDT)
Subject: [rancid] RANCiD with Fortinet FortiGate firewalls and cfg-save
 revert
In-Reply-To: <aAK4VlkViD1T2Y2c@shrubbery.net>
References: <732315247.965235.1740675746671@office.mailbox.org>
 <Z9n5s0VPDouvTtlE@shrubbery.net>
 <2121012939.38997.1744916112613@office.mailbox.org>
 <aAK4VlkViD1T2Y2c@shrubbery.net>
Message-ID: <1586599387.242769.1745518333352@office.mailbox.org>

I've opened a ticket with Fortinet, we'll see where, if anywhere, that it leads. If anyone would like the ticket number so they can link their tickets, please feel free to email me directly.

Cheers,

Gary T. Giesen

> On 2025-04-18 4:38 PM EDT heasley <heas at shrubbery.net> wrote:
> 
>  
> Thu, Apr 17, 2025 at 02:55:12PM -0400, Gary T. Giesen:
> > 
> > > On 2025-03-18 6:54 PM EDT heasley <heas at shrubbery.net> wrote:
> > 
> > > > Has anyone dealt with this issue with RANCiD and cfg-save revert on Fortinet FortiGate firewalls? Is there any solution other than to just disable cfg-save revert (by setting it to automatic or manual).
> > > 
> > > No one has mentioned this behavior before, but I do not know how commonly
> > > this 'cfg-save revert' knob is configured.  If it is common, maybe you are
> > > using a feature that causes this reboot or have encountered a bug.
> > 
> > 'cfg-save revert' causes a reboot by design (see https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-save-option-set-cfg-save-revert-to/ta-p/191106), I was just curious if anyone had a workaround for disabling paging that didn't trigger a configuration change.
> 
> You could, and I would encourage, open a support ticket for this feature;
> "terminal attributes, such as disabling the pager, should be per-tty,
> ephemeral, and not be done in configuration mode nor require elevated
> permissions."
> 
> > We've changed them to 'cfg-save manual' which seems to work (although we're always showing configuration changes), although we've lost the ability to auto-revert if we get locked out of the device.
> > 
> > By default the devices come with 'cfg-save automatic'.
> > 
> > Cheers,
> > 
> > Gary T. Giesen
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss