FortiManager
jdvorak
Staff
Article Id 198342

Description

This article explains how to move objects to a new ADOM on FortiManager.


Solution

1) Connect to the FortiManager via an SSH session using PuTTY and enable session logging.


2) In this example, all firewall addresses from ADOM 1 will be copied to the newly created ADOM 2.

In PuTTY, run the command "execute fmpolicy print-adom-object <ADOM_ID> <CATEGORY_ID> all".

Category ID 140 is the "firewall address" category.


3) The above command dumps the configuration for all objects. Because the session output is being logged, the configuration is stored in the putty.log file. Edit the file so that it starts with "config firewall address" and finishes with "end". The configuration may need to be modified for particular objects (names, IPs, associated interface…).

4) In the FortiManager Web GUI, choose the ADOM to which the objects are to be moved. Go to Device Manager > Scripts > Create New and copy and paste the output from the putty.log file. Select Run Script on "Policy Package, ADOM Database" > OK.


5) Run the script on policy package "default" > OK.


This runs the script to configure the objects in the ADOM database. Check the result afterward in Objects. If an error occurs, check the end of the log file to see why it failed. If the script contains an error, no objects will be imported.
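Because a single error prevents every object from being imported, the hand edit in step 3 can be checked before the script is pasted into the GUI. The following is an added example, not part of the original article or any Fortinet tooling: it assumes the logged dump lists each object as a flat edit/set/next entry, and the sample log, the object names and the build_script helper are all constructed for illustration.

```python
import re

# Constructed sample of a logged PuTTY session (layout of the dump is an assumption).
SAMPLE_LOG = '''=~=~=~=~=~= PuTTY log 2024.01.01 10:00:00 =~=~=~=~=~=
FMG-VM64 # execute fmpolicy print-adom-object 1 140 all
edit "web-server"
    set subnet 192.0.2.10 255.255.255.255
next
edit "branch-lan"
    set subnet 198.51.100.0 255.255.255.0
    set associated-interface "port2"
next
FMG-VM64 #
'''

def build_script(log_text, table="firewall address"):
    """Keep only edit ... next entries and wrap them in config <table> / end.

    Raises ValueError on anything that would make the import fail as a whole:
    an unterminated entry, an unexpected line inside an entry, or a duplicate name.
    Nested config blocks inside an entry are not handled and are rejected.
    """
    body, entry, names = [], None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            if entry is not None:
                raise ValueError(f"entry {names[-1]!r} has no closing 'next'")
            entry = ["    " + line]
            names.append(m.group(1))
        elif entry is not None:
            if line == "next":
                body.extend(entry + ["    next"])
                entry = None
            elif line.startswith(("set ", "unset ")):
                entry.append("        " + line)
            else:
                raise ValueError(f"unexpected line in {names[-1]!r}: {line!r}")
        # Lines outside any entry (prompts, log header) are dropped.
    if entry is not None:
        raise ValueError(f"entry {names[-1]!r} has no closing 'next'")
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:
        raise ValueError(f"duplicate object names: {dupes}")
    return "\n".join([f"config {table}"] + body + ["end"]) + "\n", names

if __name__ == "__main__":
    print(build_script(SAMPLE_LOG)[0])
```

Review the generated text for the per-object changes mentioned in step 3 (names, IPs, associated interface) before running it against the target ADOM.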
