Description | This article describes a situation in which FortiManager tries to unset VLAN interface settings. |
Scope | FortiManager, FortiSwitch Manager. |
Solution |
In this scenario, the VLAN interface 'vlan10' is configured on FortiSwitch Manager in FortiManager and assigned to a template in order to be pushed to a registered FortiGate device:
The template is then pushed to the FortiGate in a policy package installation. After the installation, PING is enabled for 'vlan10' on the FortiGate itself. This will be auto-updated in FortiManager's Device Manager database:
However, this will not be reflected in FortiSwitch Manager, where the VLAN interface will retain its original setting. When trying to install a policy change, FortiManager will try to unset the interface's allowaccess setting:
This is because the VLAN interface does not have allowaccess configured in FortiSwitch Manager, and the template configuration in FortiSwitch Manager takes precedence when performing a policy install.
To resolve this, simply enable PING on 'vlan10' in FortiSwitch Manager:
After making the change, FortiManager will not try to unset allowaccess on the VLAN interface:
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.