Hi
I've recently started a new job. They have Fortinet firewalls and access points, although I don't have much experience with Fortinet.
We have a Fortimanager and Fortianalyzer which manages some firewalls but we have a couple of sites where the Fortigate only connect to FortiAnalyzer but are not managed through Fortimanager. I have seen to the process to add a device to Fortimanager, which seems fairly straight forward. These sites have Fortigate HA pairs.
I have a couple of questions though:
- If we add an existing standalone Fortigate cluster to Fortimanager, is there any outage for the users on those sites?
- If the config is imported, what happens if there any duplicate objects?
Appreciate any help provided.
Many thanks
Roy
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Roysmith,
I don't think there will be an outage. For duplicate objects, please refer to this article: https://community.fortinet.com/t5/FortiManager/Technical-Tip-Import-object-list-summary-when-Importi...
Regards,
Hi,
I dont really understand what a standalone FGT cluster means.
Is it a standalone FGT ( no cluster, only a single device ) or is there a cluster ( 2x FGT in HA ) ?
Also, importing it in FMG should not have any impact whatsoever and at that stage if multiple objects are marked as duplicates, I think you have to 2 options, described here : https://community.fortinet.com/t5/FortiManager/Technical-Tip-Import-object-list-summary-when-Importi...
Sorry, when I say standalone, I mean they are not managed via Fortimanager. The sites have a 2 * Fortigates in HA.
Thanks for the link, that helps to understand what we might have to do if we come across duplicate objects.
Hi @Roysmith,
I don't think there will be an outage. For duplicate objects, please refer to this article: https://community.fortinet.com/t5/FortiManager/Technical-Tip-Import-object-list-summary-when-Importi...
Regards,
I think you're using a term "import" to describe retrieving the entire config of the HAed FGTs into the FMG's device DB. In that process, the FMG wouldn't do any consolidation of config between multiple FGTs it manage. But when you actually "import" the policy&objects of the config in the device DB to "Policy & Objects", that's when the FGT check if the same object names exist and if so either override existing ones or convert them to dynamic objects then define the value "per device". I don't know which exactly happens based on what conditions.
Toshi
Hi Toshi
Apologies, if my terms not correct. As I said, I'm fairly new to Fortinet but i do have lots of experience with other firewall vendors.
I have realised that a Fortigate does have a local config, with some settings that tend to be managed by directly accessing the Fortigate. Although, I have realised most of these settings can be managed through FortiManager Device Manager and then through CLI Configuration.
It seems, from the comments that what I want to achieve is possible an should not cause any disruption to the users, which is always a key factor.
Thanks to everyone for the help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.