Skip to main content
jfcelda
jfcelda
New Member
February 4, 2015
Solved

FortiManager: multiple global policy or policy package possible?

  • February 4, 2015
  • 2 replies
  • 16982 views

Hello,

 

I have to deploy a fortimanager and i want to know if it's possible to have multiple global policy or policy package on one device. Several devices ( fortigate) have a lot of policies in common, and I need 2 or 3 Global policies.

 

Thanks,

 

JF

Best answer by chall_FTNT

Jad,

When a policy package is installed, the FortiManager's task is to ensure that the resulting policies on FortiGate exactly match what is outlined in that package.  In other words, packages are not additive.

 

It is dangerous to have a FortiGate as an installation target for more than 1 policy package at a time because of the potential for human error in installing the wrong policy package (though FortiManager does give a warning if an admin user tries to push a policy package different than the one previously pushed).

 

It is for this reason that the FortiManager Best Practices Guide states:

"Each managed device should only have one policy package associated with it. This will help to ensure that the wrong policy package is not mistakingly installed to a FortiGate."

2 replies

scao_FTNT
Staff
scao_FTNT
Staff
February 4, 2015

Hi, JF:

 

For FMG policy package, we have "install on" function for each policy, you can enable this column display in column right click menu list and then after "install on" displayed in policy page, right click, you can add a target device (from package installation target) for that specific policy, then that policy will be only installed for that device. By default, policy is installed to all package installation target devices.

 

Hope this can help for your case

 

Thanks

 

Simon

jfcelda
jfceldaAuthor
New Member
February 5, 2015

Thank you,

 

It helps me.

 

JF

Jad
Jad
New Member
October 10, 2018

 

Hello,

 

I have the same issue, but in an other way.

 

I have multiple Fortigates, and one of them is listed on multiple Installation Target liste on multiple Policy package that are present in the FMG.

 

I would to know what is the order of these policies in that destination fortigate ?

 

How to determine the order from multiple policy package on th FMG to the same fortigate ?

 

Thanks & regards.

chall_FTNT
Staff
chall_FTNTAnswer
Staff
October 10, 2018

Jad,

When a policy package is installed, the FortiManager's task is to ensure that the resulting policies on FortiGate exactly match what is outlined in that package.  In other words, packages are not additive.

 

It is dangerous to have a FortiGate as an installation target for more than 1 policy package at a time because of the potential for human error in installing the wrong policy package (though FortiManager does give a warning if an admin user tries to push a policy package different than the one previously pushed).

 

It is for this reason that the FortiManager Best Practices Guide states:

"Each managed device should only have one policy package associated with it. This will help to ensure that the wrong policy package is not mistakingly installed to a FortiGate."

Terms & ConditionsAccessibility statement