FortiManager
jiyong
Staff
Article Id 340112
Description: This article describes an issue where blank spaces appear when importing CNAT in FortiManager.
Scope: FortiManager v7.0.
Solution

Steps to reproduce:

  • ADOM Workspace enabled.
  • ADOM Normal mode.

 

Step 1. Change the Central-NAT policy from the FortiGate.

 


 

Step 2. Lock the ADOM, start Import Policy Package (only the first step of Import Policy Package), and first check how many policies will be imported.

 

Step 3. Cancel the Import Policy Package page.
Step 4. Unlock the ADOM.
Step 5. Lock the ADOM again and proceed with the Import Policy Package again. It will show fewer policies to be imported, for example Import All(2) or 8 or 6 (randomly).

 

Step 6. The import succeeds only for the number of policies shown on the Import page [Import all(x)]. After the import, the Policy Package shows Synchronized, but some policies are not in the ADOM DB.

 


 

Step 7. Result:

  • When importing, information about CNAT cannot be confirmed.

 


 

Caution:

After the above result, a purge occurs when the policy package is installed on the firewall.

 

FortiGate System Event Log:

 

date=2024-06-15 time=15:27:21 eventtime=1718173640714872915 tz="+0900" logid="0100044546" type="event" subtype="system" level="information" vd="root" logdesc="Attribute configured" user="admin@FortiManager" ui="fgfm_tunnel" action="Purge" cfgtid=3211795129 uuid="fb411404-2282-51ef-53d6-0bf4db53c3be" cfgpath="firewall.central-snat-map" msg="Purge firewall.central-snat-map "

 

The above import issue also affects DoS, Local-in and traffic shaping policies.
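
The purge event shown above can be searched for in exported FortiGate event logs. The following Python is an added example, not part of the original article or Fortinet tooling: it flags events where a policy table was purged through the FortiManager tunnel. Only `firewall.central-snat-map` comes from the log above; the other three cfgpath values are assumptions, and the sample lines are constructed.

```python
import re

# cfgpath values to watch. Only firewall.central-snat-map appears in the
# article's log; the other three are assumptions derived from the FortiOS CLI
# table names for the DoS, Local-in and traffic shaping policies.
WATCHED_PATHS = {
    "firewall.central-snat-map",
    "firewall.DoS-policy",
    "firewall.local-in-policy",
    "firewall.shaping-policy",
}

# key=value or key="quoted value" pairs as used in FortiGate log lines.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_event(line):
    """Split one FortiGate log line into a dict, dropping the quotes."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def find_fmg_purges(lines):
    """Return events where a table in WATCHED_PATHS was purged over FGFM."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if (ev.get("action") == "Purge"
                and ev.get("ui") == "fgfm_tunnel"
                and ev.get("cfgpath") in WATCHED_PATHS):
            hits.append(ev)
    return hits


# Constructed sample input: line 1 is shortened from the article's log, lines
# 2 and 3 are made up (an edit over FGFM, and a purge of an unwatched table).
SAMPLE = [
    'date=2024-06-15 time=15:27:21 type="event" subtype="system" vd="root" '
    'user="admin@FortiManager" ui="fgfm_tunnel" action="Purge" '
    'cfgpath="firewall.central-snat-map" msg="Purge firewall.central-snat-map "',
    'date=2024-06-15 time=15:27:22 type="event" subtype="system" vd="root" '
    'user="admin@FortiManager" ui="fgfm_tunnel" action="Edit" '
    'cfgpath="firewall.central-snat-map" msg="Edit firewall.central-snat-map 1"',
    'date=2024-06-15 time=15:27:23 type="event" subtype="system" vd="root" '
    'user="admin@FortiManager" ui="fgfm_tunnel" action="Purge" '
    'cfgpath="firewall.address" msg="Purge firewall.address "',
]

if __name__ == "__main__":
    for ev in find_fmg_purges(SAMPLE):
        print(ev["date"], ev["time"], ev["vd"], ev["user"], ev["cfgpath"])
```

A hit shows that an install from FortiManager emptied the table; compare its time with the last Import Policy Package on that device to see whether the incomplete import described above preceded it.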

 

Workaround:
Re-import the package 2 or 3 times to import everything, or import to a new policy package.

 

Solution:

This is no longer a limitation on FortiManager v7.2.6, v7.4.4, v7.6.2 and newer.