| Description |
This article describes how to resolve the issue where an object created in FortiManager is not reflected on the FortiGate side. The object is applied to be a member of a rule, but it is not being installed properly. |
| Scope |
FortiManager. |
| Solution |
As FortiManager's expected behavior, the object created needs to be referenced in a rule or a policy to get it installed into FortiGate.
In this example, the FortiGate has synchronized status for Config Status and Policy Package Status:
However, when assigning an address group, FortiManager has 3 firewall address objects while FortiGate only has 2. FortiManager:
FortiGate:
The firewall address group object has already been configured with the correct addresses as part of the group, which contains 3 addresses:
However, there is per-device mapping for the specified FortiGate, which only has 2 addresses, and this needs to be edited and add to it the third address object, otherwise the FortiManager will only push the 2 address objects that are assigned globally.
In conclusion, the object is not reflected in the expected behavior as it is configured specifically for the FortiGate. If all the addresses need to be installed in FortiGate, the per-device mapping needs to be reconfigured to add all the addresses, or it can be removed since all the addresses are already part of the original configuration. |
