FortiManager Policy Packages

I'm setting up FortiManager for the first time and am having an issue with the policy package import. I imported the package from our first firewall - that went as expected. I then imported from the second firewall, and the policy package status on the first switched to "modified". If I re-import the first firewall, the second one switches to "modified".

Some Google & Reddit searching led me to running the install wizard for the policy package on the second gate to find the mismatch. It looks like the issue is with our FortiTokens, which are present on the first firewall (used as our primary SSL-VPN gateway) but not on the second firewall. Fortinet only allows them to be installed on one gate at a time. We do have FortiAuthenticator, but due to time constraints in the department we haven't deployed it yet.

How can I get around the token error and install the policy package?

FortiToken shouldn't cause problems like that because all of them are unique and each can belong to just one device.

But are you aware that the objects in one ADOM used by policies are shared with all policy packages in the same ADOM? If two FGTs have an object with the same name, like an address object, but with different values, then when you import the second one into a policy package it will kick out (or override) the one imported before. You either need to change the names or use dynamic/per-device objects.

In addition to Toshi's comment:

- FortiManager would only try to install the tokens to the second FortiGate if you are trying to use the same users/groups in both FortiGates/policy packages.

-> You need to have unique users for the second FortiGate.

-> As Toshi mentioned, importing objects with the same name from two different FortiGates may lead to objects being overwritten (though the default is to create a dynamic mapping, meaning an ADOM object has a default version and a specific version for each FortiGate it is installed to).

-> You might need to double-check which objects you have in the ADOM and which were modified or made dynamic.

-> FortiManager will show both FortiGates as in sync if you install the policy packages to both FortiGates and don't import the first one again.