This article describes the process of copying global policies from one FortiManager to another.
FortiManager.
Run the command below on FortiManager-01:
List the policies:
execute fmpolicy print-adom-package Global 1 (After the command, press ?)
Select the Global Policy Package and list all the options available:
Print the policies on the global header policy. (Note: If other policies are created in different categories, like the global footer policy, it is necessary to change the ID from 1474 to 1476 to list the header policies. This is applicable for all categories listed above.)
Copy and paste the policies listed to a notepad.
Execute the procedure below on FortiManager-02:
Note: If the FortiManager is a fresh install, the global policy package must be created before running the script.
Note: A common issue that causes the script to fail is missing firewall objects in the Global Database. Before running the script, check that the objects exist in the Global Database. To create the firewall objects through the script, consult Technical Tip: How to create firewall objects in FortiManager ADOM database with scripts.
Note: Duplicate firewall objects between the Global Database and the ADOMs are a common issue that causes the policies to fail. Fix this issue by renaming the conflicting objects on the ADOM. FortiManager does not allow having the same object name on both ADOMs before installing the global policy.
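A pre-flight check for the two failure causes in the notes above, as an added example that is not part of the original article or Fortinet's tooling. It assumes the policy output saved from FortiManager-01 uses FortiOS-style config/edit/set syntax; the sample policies, the object names and both object inventories are constructed.

```python
import shlex

# Fields whose values name firewall objects (assumed subset; extend as needed).
OBJECT_FIELDS = {"srcaddr", "dstaddr", "service"}

# Constructed sample of saved policy output (assumed config/edit/set syntax).
SAMPLE_SCRIPT = '''
config firewall policy
    edit 1
        set name "g-allow-dns"
        set srcaddr "g-branch-nets" "g-hq net"
        set dstaddr "g-dns-servers"
        set service "g-dns"
        set action accept
    next
    edit 2
        set name "g-block-legacy"
        set srcaddr "g-branch-nets"
        set dstaddr "g-legacy-hosts"
        set service "g-any"
        set action deny
    next
end
'''
# Constructed inventories: Global Database on FortiManager-02, and one ADOM.
GLOBAL_DB = {"g-branch-nets", "g-dns-servers", "g-dns", "g-any"}
ADOM_DB = {"branch-lan", "g-dns-servers"}

def referenced_objects(script_text):
    """Map each policy ID to the set of object names it references."""
    refs, current = {}, None
    for line in script_text.splitlines():
        tokens = shlex.split(line)  # keeps quoted names with spaces intact
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = tokens[1]
            refs[current] = set()
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            if tokens[1] in OBJECT_FIELDS:
                refs[current].update(tokens[2:])
    return refs

def preflight(script_text, global_db, adom_db):
    """Per policy: names missing from the Global Database or duplicated in the ADOM."""
    report = {}
    for pid, names in referenced_objects(script_text).items():
        missing, duplicated = sorted(names - global_db), sorted(names & adom_db)
        if missing or duplicated:
            report[pid] = {"missing": missing, "duplicated": duplicated}
    return report
```

Calling `preflight(SAMPLE_SCRIPT, GLOBAL_DB, ADOM_DB)` lists, per policy ID, the objects to create in the Global Database and the ADOM objects to rename before the script is run on FortiManager-02.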
Copyright 2024 Fortinet, Inc. All Rights Reserved.