Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mark4352
New Contributor

Not feeling the love for FortiManager at all

I recently joined a company using Fortinet firewalls of varying sizes in many far-flung places.

A new site needs to be set up and I needed to practice setting things up remotely.

It seems that FortiManager is just being used to back up configs and changes are being done directly on the firewall. When I inquired why this was, I was told that FortiManager was a PITA!

Having played around with this for a few days now I have to concur.

Currently I've given up on pushing FortiOS 5.2.6 from a 5.2 ADOM to my test 60D, as the FortiManager constantly tries to push Wireless config, which fails and generates warnings even though the required config does seem to go OK. We are not using Wireless at all, for info.

So I created a 5.0 ADOM, which doesn't seem to have this problem. I may have deleted the default AP profiles; it's becoming a blur.

So I need to copy over the policy; cut/paste between ADOMs is not allowed!! The policy is still on the firewall as well, but I cannot import it. I find this very poor.

Any advice other than use Meraki?

FortiManager: v5.0.9-build0345 141022 (GA)

mark4352
New Contributor

Currently FortiManager is trying to push this config:

config firewall service custom
edit "ALL"
set protocol-number 0
next
end

I've tried this manually and it seems to go on without complaint, but still my installs all have warnings and FortiManager is trying to resend with every policy or config push.

mark4352
New Contributor

I'm testing to a 60D running FortiGate 5.0.12,build0318 (GA) and the FortiManager is constantly trying to push this config which doesn't need to be touched. This gives failed install messages and warning config pushes, nothing I can pass to the support guys.

---> generating verification report
(vdom root: firewall service custom "ALL":protocol-number)
remote original:
to be installed: 0

<--- done generating verification report



------- Start to retry --------

cnxfw $ config firewall service custom
cnxfw (custom) $ edit "ALL"
cnxfw (ALL) $ set protocol-number 0
cnxfw (ALL) $ next
cnxfw (custom) $ end


---> generating verification report
(vdom root: firewall service custom "ALL":protocol-number)
remote original:
to be installed: 0

<--- done generating verification report