FortiPortal
FortiPortal provides a comprehensive set of security management and analytics within a multi-tenant, multi-tier management framework.
awasfi_FTNT
Staff
Article Id 396130
Description

This article explains why a new user added to an existing user group that is used in a firewall policy on FortiPortal is not applied on the FortiGate(s) after the configuration is pushed to the devices.

Scope

FortiPortal.

Solution

FortiPortal does not support per-device mapping for users and user groups.

When a new user is added to a user group (used in a firewall policy) and the configuration is pushed from FortiPortal, the changes are not applied to FortiGate(s).

As FortiManager uses per-device mapping for the same user group, when FortiPortal pushes the configuration, the new user is added to the default user list (since per-device mapping is unavailable on FortiPortal).

However, FortiManager prioritizes its per-device mapping over the default configuration, ignoring the new user. As a result, the change is not propagated to FortiGate.

To successfully apply the configuration from FortiPortal:

Create a new user group, add the new user to it, and use this new group in the firewall policy before pushing the configuration. This ensures the changes are properly deployed without conflicting with per-device mapping on FortiManager.
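The precedence described above can be checked offline before a push. The following is an added example, not Fortinet code: a simplified Python model that resolves the member list a device receives and reports users that exist only in the default list. The data is constructed, and the field names (`member`, `dynamic_mapping`, `_scope`) and device names are assumptions for illustration.

```python
# Added illustration: simplified model of "per-device mapping overrides default".
# GROUPS is constructed sample data; field and device names are assumptions.
GROUPS = [
    {
        "name": "vpn-users",
        # Default list: "carol" was just added by a push from FortiPortal.
        "member": ["alice", "bob", "carol"],
        "dynamic_mapping": [
            {"_scope": [{"name": "FGT-BRANCH-1", "vdom": "root"}],
             "member": ["alice", "bob"]},
            {"_scope": [{"name": "FGT-BRANCH-2", "vdom": "root"}],
             "member": ["alice"]},
        ],
    },
    # Workaround from the article: a new group with no per-device mapping.
    {"name": "vpn-users-new", "member": ["carol"], "dynamic_mapping": []},
]


def effective_members(group, device, vdom="root"):
    """Return the members a device receives: its mapping if one exists, else default."""
    for mapping in group.get("dynamic_mapping") or []:
        for scope in mapping["_scope"]:
            if scope["name"] == device and scope.get("vdom", "root") == vdom:
                return list(mapping["member"])
    return list(group["member"])


def shadowed_users(groups):
    """List (group, device, vdom, users) where default members are hidden by a mapping.

    A difference can be intentional; each finding is a prompt for review.
    """
    findings = []
    for group in groups:
        default = set(group["member"])
        for mapping in group.get("dynamic_mapping") or []:
            missing = sorted(default - set(mapping["member"]))
            if not missing:
                continue
            for scope in mapping["_scope"]:
                findings.append((group["name"], scope["name"],
                                 scope.get("vdom", "root"), missing))
    return findings


if __name__ == "__main__":
    for name, device, vdom, users in shadowed_users(GROUPS):
        print(f"{name}: {device}/{vdom} will not receive {', '.join(users)}")
```
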