[rancid] rancid with Fortigate FG100A
gmccullagh at gmail.com
Wed Jul 6 13:35:36 UTC 2011
On Wed, 06 Jul 2011, Diego Ercolani wrote:
> I don't know deeply fortigate because if I can I prefer to use linux directly
> so feel free to change the command or the command sequence to perform a
> configuration dump.
> This is the power of opensource, everyone can add a small piece of his
> knowledge and bring the community a full (hopefully errorproof) utility.
I couldn't agree more, but I'm hoping to work out what the community
in general thinks. I don't think this question is particularly a Fortigate
In general, is it better for Rancid to record and version the entire
config of a device including defaults, or to just version the non-default
I can see arguments for both:
- when you upgrade firmware, the defaults might change and rancid could
presumably only note these if you version the entire config.
- the config and patches can be quite complex if you version the entire
- if the unit should fail, you get a new one and want to deploy the
config from Rancid, I would usually prefer to just deploy our config
changes and not override the defaults. If rancid holds the full config,
you can't really work out what are defaults and what are your settings.
Perhaps others might prefer to actually set those defaults where
I imagine this issue arises with units other than the Fortigates.
> I have only one clustered installation of fortigate and what I noticed is that
> from time to time, fortigate adds some line feed that makes it seem the
> configuration has changed... this is very annoying but I can't do experiments
> because it's a production environment.
I've noticed the same actually, though generally it seems to be within the
"app-detect" lines which are all defaults (at least on our install).
Reducing this problem might be a happy side-effect of versioning the