FortiManager
WinterSnowYap
Article Id 360177
Description This article describes how to bring the FortiManager Policy Package Status to Synchronized when the user is unable to perform Import Configuration.
Scope FortiManager.
Solution

Consider the following scenario:

If the FortiManager Policy Package Status is not Synchronized, one of the options below can be used:

Option 1:

On FortiManager, perform Import Configuration.

Option 2:

On FortiManager, re-create the same configuration that is on FortiGate, then perform Policy Package Installation.

* Perform Install Preview first to verify the configuration before performing Policy Package Installation.

* Back up the configuration locally on FortiGate.

Option 1:

FortiManager is not able to perform Import Configuration for some reason.

Example: the ADOM version does not match the FortiGate version.

When the FortiManager ADOM version is different from the FortiGate version, FortiManager is not able to perform Import Configuration and displays an error message.

Option 2:

Re-create the new changes from FortiGate in FortiManager.

Below is an example:

On FortiManager, FortiGate 'Changes no.1' is auto-updated into FortiManager.

However, FortiManager does not have Normalized Interfaces for the newly added interfaces, so they must be created.

On FortiManager, go to Policy & Objects -> Object Configurations -> Normalized Interface -> Create New (for the vlan007 and vlan009 Normalized Interfaces).

After that, continue on FortiManager with the configuration for Changes no.2 and Changes no.3.

On FortiManager, go to Policy & Objects -> Object Configurations -> Firewall Objects -> Addresses -> Create New (for the vlan007_members and vlan009_members Addresses).

On FortiManager, go to Policy & Objects -> Select the correct Policy Package -> Create New (for the vlan007_to_vlan009 Firewall Policy).

On FortiManager, after Changes no.1 to Changes no.3 have all been created, perform Retrieve Configuration.

This makes sure that the Config Status in FortiManager (Device Manager) becomes Synchronized.

After that, perform Policy Package Installation from FortiManager.

* Perform Install Preview first to verify the configuration before performing Policy Package Installation.

* Back up the configuration locally on FortiGate.

During the Install Preview, ignore the set uuid lines, because the uuid is auto-generated by FortiManager and is different from the one on FortiGate.
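When the preview is long, the "ignore set uuid" check can be done mechanically. The following is an added example, not part of the original article: it assumes the Install Preview text has been copied out as FortiOS CLI lines, and the function name and all sample values (UUIDs, policy ID, the extra `set logtraffic` line) are constructed for illustration.

```python
# Constructed sample of Install Preview text in FortiOS CLI syntax.
# The UUIDs, policy ID and the extra "set logtraffic" line are made up.
SAMPLE_PREVIEW = """\
config firewall address
    edit "vlan007_members"
        set uuid 11111111-2222-3333-4444-555555555555
    next
    edit "vlan009_members"
        set uuid 66666666-7777-8888-9999-000000000000
    next
end
config firewall policy
    edit 7
        set uuid aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
        set logtraffic all
    next
end
"""


def non_uuid_changes(preview_text):
    """Return (context, command) for every previewed command other than 'set uuid'.

    Hypothetical helper: an empty result means the preview contains
    nothing except FortiManager-generated UUIDs.
    """
    context = []    # open "config ..." / "edit ..." scopes, outermost first
    findings = []
    for raw in preview_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        verb = words[0]
        if verb in ("config", "edit"):
            context.append(" ".join(words))
        elif verb == "next":
            # "next" closes the innermost "edit" scope
            if context and context[-1].startswith("edit"):
                context.pop()
        elif verb == "end":
            # "end" closes the innermost "config" scope (and any edit left open in it)
            while context and not context.pop().startswith("config"):
                pass
        elif words[:2] != ["set", "uuid"]:
            findings.append((" > ".join(context), " ".join(words)))
    return findings


if __name__ == "__main__":
    for scope, command in non_uuid_changes(SAMPLE_PREVIEW):
        print(f"review before install: [{scope}] {command}")
```

Any line it reports is a real difference between FortiManager and FortiGate and should be resolved before the installation continues.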

Proceed with the Policy Package Installation.

After the Policy Package Installation is completed, the Policy Package becomes Synchronized.