Pretty Nasty bug. If you create a policy in a policy block that uses a certificate with a private key that doesn't exist on the FGT. Not only will it skip installing the policy, it will not throw any errors and will tell you that Fortigate is in sync. That means, if you are adding a bunch of policies you will have no idea anything is wrong until something doesn't work or someone complains.
Really bad since it means you can not rely on Fortimanager as source of truth.
Which FMG/FGT versions?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.