Fortinet Feature Flags

Overview

Two feature flags improve Fortinet device communications with TOS Aurora.

• Generate revisions: The generate_rev flag is used to create a new revision of the configuration for a managed device or ADOM (Administrative Domain). This process involves capturing the current configuration state and saving it as a new revision in FortiManager’s database.

• Generate logs: When enabled, the Generate Logs when Session Starts flag instructs a FortiManager device to log traffic immediately when a session begins rather than waiting for the session to close. This feature can be helpful during real-time traffic monitoring when administrators want to see logging data when a session starts, capturing traffic that violates configured security policies.

Generate Fortinet Revision after SecureChange Push Request

1. In the Fortinet Install Policy Wizard, select Install Device Settings (only).

2. In the request, add generate_rev under the flags section.

3. In TOS Aurora, run this command to activate this feature:

   tos config set -s device-collector -p fortimanager.generate_rev=true

   tos config set -s device-collector -p fortimanager.generate_rev=true

Generate Logs when Session Starts

1. When adding a FortiManager device that will be monitored by TOS Aurora, select Generate Logs when Session Starts.

2. In TOS Aurora, run this command to activate this feature:

   tos config set -s device-collector -p fortimanager.generate.logs.when.session.starts=true

   tos config set -s device-collector -p fortimanager.generate.logs.when.session.starts=true