lincoln29
Explorer
December 11, 2024
Solved

Mapping dynamic object configuration


Can someone explain to me how to show the object installed in the Remote FGT or Local FGT?

Example 1

Create address
Name Local-Subnet
IP/Netmask: 192.168.1.0/24
Mapped Device
Local-FGT 192.168.1.0/28

Which IP/netmask is shown on FortiManager for this firewall address object for devices without a Per-Device Mapping set?

Example 2

Create address
Name Location
IP/Netmask: 192.168.1.0/24
Mapped Device
Remote-FGT 172.168.1.0/24

Which IP/Netmask will be installed on Remote-FortiGate, for the Local firewall address object?

Best answer by sw2090 (SuperUser, December 11, 2024)

For Example 1: if there is neither per-device nor per-platform mapping, the object is static and will have the Address/Netmask set in FMG (192.168.1.0/24).

If there is per-platform mapping, then every device matching the platform will get that mapping, and any other will get the address/subnet specified first (default mapping).

If there is per-device mapping, then a device that matches a device mapping will get the subnet/mask that is specified there.

For example:

Create address
Name Location
IP/Mask 192.168.1.0/24

Per-platform mapping: FGT100F => 192.168.1.0/28
Per-device mapping: firewall1 => 192.168.2.0/24

would mean: the default mapping is 192.168.1.0/24,
any FortiGate 100F would get 192.168.1.0/28,
firewall1 would get 192.168.2.0/24.

Interestingly, I never tried to test what happens if firewall1 is a 100F :)
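
The resolution order described in the answer, as an added Python example that is not part of the original post and is not Fortinet code: it computes what each device would receive for the answer's `Location` object and flags devices that silently fall back to the default or match more than one mapping. It assumes a per-device mapping is checked before a per-platform one (the case the answer leaves untested); the inventory and the device names `branch-a` and `branch-b` are constructed.

```python
import ipaddress

# The answer's "Location" object: default value plus both mapping kinds.
LOCATION = {
    "default": "192.168.1.0/24",
    "platform": {"FGT100F": "192.168.1.0/28"},
    "device": {"firewall1": "192.168.2.0/24"},
}

# Constructed inventory (device -> platform). firewall1 is deliberately a
# 100F, the combination the answer says was never tested.
DEVICES = {"firewall1": "FGT100F", "branch-a": "FGT100F", "branch-b": "FGT60F"}


def resolve(obj, name, platform):
    """Return (network, source) that one device would receive.

    Assumption: per-device is checked before per-platform, then the default.
    """
    if name in obj["device"]:
        return ipaddress.ip_network(obj["device"][name]), "device"
    if platform in obj["platform"]:
        return ipaddress.ip_network(obj["platform"][platform]), "platform"
    return ipaddress.ip_network(obj["default"]), "default"


def audit(obj, devices):
    """Map each device to (subnet, source, notes) for review before install."""
    default = ipaddress.ip_network(obj["default"])
    report = {}
    for name, platform in devices.items():
        net, source = resolve(obj, name, platform)
        notes = []
        if name in obj["device"] and platform in obj["platform"]:
            notes.append("device and platform mappings both match")
        if source == "default":
            notes.append("no mapping matched, default installed")
        elif not net.subnet_of(default):
            notes.append("mapped range lies outside the default")
        report[name] = (str(net), source, notes)
    return report


if __name__ == "__main__":
    for name, row in sorted(audit(LOCATION, DEVICES).items()):
        print(name, *row)
```

Any device reported with more than one matching mapping is worth checking in the install preview, since the precedence used here is an assumption.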
