| Description | This article describes why some URL Exemption objects in SSL/SSH profile are not pushed to FortiSASE via FortiManager. |
| Scope | FortiManager, FortiSASE. |
| Solution |
Users might experience an issue where certain URL exemptions are not seen in FortiSASE, despite being configured and pushed from FortiManager. The screenshot below shows an example of such scenario where in FortiManager, two addresses are exempt; exempt1 and exempt2, while in FortiSASE, only exempt1 address can be seen.
This is because the two addresses are different categories of objects. Object ‘exempt1’ is of category Address, while object ‘exempt2’ is of category Wildcard FQDN. This can be verified by going to Policy & Objects -> Firewall Objects -> Addresses in FortiManager.
To ensure the correct URLs are exempted in FortiSASE, the correct object category needs to be used and configured in FortiManager. The screenshot below shows an example of address object that can be included in URL Exemption in FortiSASE.
After updating the SSL/SSH profile with the correct address object, perform an installation to FortiSASE and the URL Exemption in FortiSASE should now show the correct address(es).
|
