ssanga
Staff & Editor
October 21, 2024

Technical Tip: "Duplicate Firewall Objects" Security Rating check Fails for Default Objects or Services

Description

This article describes the workaround and fix schedule for an issue where the "Duplicate Firewall Objects" security rating check fails for default address objects ('all' and 'FIREWALL_AUTH_PORTAL_ADDRESS') and FTP-related services (FTP, FTP_GET, and FTP_PUT) that share identical configurations.

Scope

FortiGate v7.6.0

Solution

The 'Duplicate Firewall Objects' check will fail for default address objects such as 'all' and 'FIREWALL_AUTH_PORTAL_ADDRESS', as well as for default FTP-related services like FTP, FTP_GET, and FTP_PUT, because their configurations are identical.

Default Address Objects:

[Screenshot: Default Address Objects.png]

Default FTP Services:

[Screenshot: Default FTP Services.png]

Security Rating Check Fail:

[Screenshot: Security Rating Check Fail.png]

This issue has been resolved in v7.6.1.

Workaround: Add a comment to the objects/services that are reported as duplicates.


GUI:
Address Object:


Address Object-GUI.png

 

Services:

 

Services-GUI.png
FTP-GET_GUI.png
CLI:


config firewall address
    edit "all"
        set comment default
    next
end

config firewall service custom
    edit "FTP"
        set comment FTP
    next
    edit "FTP_GET"
        set comment FTP_GET
    next
end
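
An added example (not Fortinet's code and not part of the original article): a Python sketch that lists objects in a configuration backup whose settings are identical, to see which entries need a comment. It assumes objects count as duplicates when every setting other than the name and uuid matches; the rating check's actual comparison logic is not given in this article, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in FortiOS backup syntax; values are illustrative only.
SAMPLE = """config firewall service custom
    edit "FTP"
        set tcp-portrange 21
    next
    edit "FTP_GET"
        set tcp-portrange 21
    next
    edit "FTP_PUT"
        set tcp-portrange 21
    next
    edit "SSH"
        set tcp-portrange 22
    next
end"""

def parse_objects(text, table):
    """Map each object name in 'config <table>' to the set of its setting lines."""
    objects, name, depth, in_table = {}, None, 0, False
    for line in map(str.strip, text.splitlines()):
        if not in_table:
            in_table = line == f"config {table}"
        elif line == "end" and not depth:  # closes the table (and a last entry lacking "next")
            break
        elif name is None:
            if m := re.fullmatch(r'edit "?([^"]+)"?', line):
                name = m.group(1)
                objects[name] = set()
        elif depth or line.startswith("config "):  # nested sub-table: keep lines verbatim
            depth += line.startswith("config ") - (line == "end")
            objects[name].add(line)
        elif line == "next":
            name = None
        elif line and not line.startswith("set uuid "):  # assumption: uuid is not compared
            objects[name].add(line)
    return {n: frozenset(s) for n, s in objects.items()}

def duplicate_groups(objects):
    """Group names whose remaining settings are identical (assumed duplicate rule)."""
    groups = defaultdict(list)
    for name, settings in objects.items():
        groups[settings].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def with_comment(objects, name, comment):  # models the article's workaround on one object
    return {**objects, name: objects[name] | {f"set comment {comment}"}}
```

On the sample, `duplicate_groups(parse_objects(SAMPLE, "firewall service custom"))` groups FTP, FTP_GET and FTP_PUT together; after applying the two comments from the CLI workaround, no group remains.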

Logs required by FortiGate TAC for investigation:

  1. TAC Report:

execute tac report

  2. Screenshots.
  3. Fortinet Support Tool Data.
  4. The configuration file of the FortiGate.