Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
ckarwei
Staff
Staff

Created on ‎11-02-2021 05:25 AM

Article Id 192261

Technical Tip: Configure installation target scope for a policy within policy package

Description
This article describes how to configured policies to install only to specific unit instead of all the units under the installation target for a policy within the policy package using CLI script.
Solution
1) By default, firewall policies within the policy package will be install to all units as configure in policy package’s installation targets. 





2) By running the following script to the policy package, installation limit on policy 1 will be enable. 

# config firewall policy
edit "1"
    set _limit_scope enable
end




3) There’s no unit specify in the script earlier. 'Install On' is empty for policy 1. 




4) The following script will set 'FGT01' as the installation target for policy 1. In this case, VDOMis not enable on 'FGT01'. However, it is necessary to specify the VDOM (root) in the script. 

# config firewall policy
edit "1"
    set _scope "FGT01"-"root"
end




5) It is possible to have multiple entries in the installation target. 

# config firewall policy
edit "1"
   set _scope "FGT01"-"root" "FGT02"-"root"
end




6) The following script will turn off install limit. Policy 1 installation target will back to default. 

# config firewall policy
edit "1"
   set _limit_scope disable
end




Labels:
2193
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.