[rancid] RANCiD with Fortinet FortiGate firewalls and cfg-save revert

[Gary T. Giesen]

I've opened a ticket with Fortinet, we'll see where, if anywhere, that it leads. If anyone would like the ticket number so they can link their tickets, please feel free to email me directly.

Cheers,

Gary T. Giesen

> On 2025-04-18 4:38 PM EDT heasley <heas at shrubbery.net> wrote:
> 
>  
> Thu, Apr 17, 2025 at 02:55:12PM -0400, Gary T. Giesen:
> > 
> > > On 2025-03-18 6:54 PM EDT heasley <heas at shrubbery.net> wrote:
> > 
> > > > Has anyone dealt with this issue with RANCiD and cfg-save revert on Fortinet FortiGate firewalls? Is there any solution other than to just disable cfg-save revert (by setting it to automatic or manual).
> > > 
> > > No one has mentioned this behavior before, but I do not know how commonly
> > > this 'cfg-save revert' knob is configured.  If it is common, maybe you are
> > > using a feature that causes this reboot or have encountered a bug.
> > 
> > 'cfg-save revert' causes a reboot by design (see https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-save-option-set-cfg-save-revert-to/ta-p/191106), I was just curious if anyone had a workaround for disabling paging that didn't trigger a configuration change.
> 
> You could, and I would encourage, open a support ticket for this feature;
> "terminal attributes, such as disabling the pager, should be per-tty,
> ephemeral, and not be done in configuration mode nor require elevated
> permissions."
> 
> > We've changed them to 'cfg-save manual' which seems to work (although we're always showing configuration changes), although we've lost the ability to auto-revert if we get locked out of the device.
> > 
> > By default the devices come with 'cfg-save automatic'.
> > 
> > Cheers,
> > 
> > Gary T. Giesen
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss