FortiGate
hpenmetsa
Staff
Article Id 403711
Description

This article describes how renaming synchronized objects on the Fabric root FortiGate creates duplicate objects on downstream FortiGates when those objects are referenced in downstream configurations in a Security Fabric setup.

Scope

FortiGate.

Solution

In a Security Fabric setup, objects such as addresses, services, and schedules are synchronized from the upstream FortiGate (root) to all downstream devices by default. If a synchronized object is referenced on the downstream FortiGate, for example in a firewall policy, renaming the object on the root FortiGate creates a duplicate object on the downstream FortiGate instead of updating the existing object.

 

In the following example:

An address object is created on the root FortiGate, and enabling Fabric Global Object synchronizes this object to the downstream FortiGate.

 

Fabric Root FortiGate: Address object is created and synchronized to the downstream FortiGate.

 


 

Downstream FortiGate: Object is synchronized from the root.


 

As long as the synchronized object is not referenced on the downstream FortiGate, renaming it on the root FortiGate will automatically update the name on the downstream FortiGate.

 

However, if the synchronized address object is used in a firewall policy on the downstream FortiGate, renaming the object on the root FortiGate will create a duplicate object on the downstream FortiGate instead of updating the existing one.

Security Fabric synchronized address object used in a firewall policy on the downstream FortiGate.

 

Rename the address object on the root FortiGate from LAN_SUBNET to 10/8_SUBNET. On the downstream FortiGate, a duplicate object is created because of the reference in a firewall policy.


 

Solution:

To avoid this issue when renaming synchronized address objects, remove all references to the object on the downstream FortiGate, and make the changes on the Fabric root FortiGate.
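One way to check a downstream FortiGate before and after a rename, as an added example that is not part of the original article or Fortinet tooling: the script parses a configuration backup, lists the firewall policies that reference an address object, and reports address objects that define the same subnet. The configuration excerpt and the 10.0.0.0/8 subnet value are constructed for illustration, and single-line setting values are assumed.

```python
import shlex
from collections import defaultdict
# Constructed excerpt of a downstream FortiGate config backup (not from the article).
SAMPLE = """config firewall address
    edit "LAN_SUBNET"
        set subnet 10.0.0.0 255.0.0.0
        set fabric-object enable
    next
    edit "10/8_SUBNET"
        set subnet 10.0.0.0 255.0.0.0
        set fabric-object enable
    next
end
config firewall policy
    edit 1
        set srcaddr "LAN_SUBNET"
        set dstaddr "all"
    next
end"""

def parse_section(config, section):
    """Return {entry: {setting: [values]}} for one 'config <section>' block."""
    entries, current, depth, active = {}, None, 0, False
    for raw in config.splitlines():
        line = raw.strip()
        if not active:
            active = line == f"config {section}"
        elif line.startswith("config ") or line == "end":
            depth += -1 if line == "end" else 1  # track nested config blocks
            if depth < 0:
                break  # end of the section itself
        elif depth == 0 and line.startswith(("edit ", "set ")):
            word, key, *values = shlex.split(line)
            if word == "edit":
                current = entries.setdefault(key, {})
            elif current is not None:
                current[key] = values
    return entries

def policy_references(config, name):
    """IDs of firewall policies using the address object as source or destination."""
    return [pid for pid, p in parse_section(config, "firewall policy").items()
            if name in p.get("srcaddr", []) + p.get("dstaddr", [])]

def duplicate_addresses(config):
    """Groups of address object names that define the same subnet."""
    by_subnet = defaultdict(list)
    for name, a in parse_section(config, "firewall address").items():
        by_subnet[tuple(a.get("subnet", [name]))].append(name)
    return [names for names in by_subnet.values() if len(names) > 1]
```

A non-empty result from `policy_references(SAMPLE, "LAN_SUBNET")` means the rename on the root would leave a duplicate on this device; `duplicate_addresses(SAMPLE)` finds duplicates that already exist.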

 


