Ackron
New Member
November 27, 2015
Question

FortiManager - FSSO User Groups

We have a problem on our FortiManager. While it's within a secure environment, it does not have access to the LDAP or FSSO servers. Only the FortiGate has. Because of this I can only add new groups to monitor on the FortiGate and then import that config again to update the FortiManager.

One problem we face is that the imported group object is only usable within the imported VDOM. When I try to use the same group on another policy, the config fails to install, referencing it as Unknown Datasource (Policy Verification).

Where I thought this should be pushed and set as normal?

Kind regards,

Peter

3 replies

scao_FTNT
Staff
November 27, 2015

Can you provide the error details?

Thanks

Simon

Ackron
Author
New Member
November 29, 2015

Here is the error:

Ackron
Author
New Member
November 29, 2015

And this is the detail:

scao_FTNT
Staff
December 10, 2015

Is that user adgrp config "CN=xxx" in your pic existing in the device db/FGT?

Thanks

Simon

scao_FTNT
Staff
December 10, 2015

In the FMG 5.2 design, we require that the same-name FSSO user exists in the device db; then the config can be correctly copied/installed to the device/FGT.

In FMG 5.4, we changed this design (so the FMG ADOM db will communicate with the remote FSSO server to update the user list), and it will not block the install. But on the FGT side, if this user does not exist on the FSSO server, then the FGT-side refresh (sync to FSSO server) will automatically remove this user.

Thanks

Simon