I have two ADOMs with different devices. I'd like to copy Policy Packages and Objects from 'Production_ADOM' to 'Staging_ADOM'.
I suppose I can add one of the 'Staging_ADOM' devices to 'Production_ADOM', then install the Policy Package and Objects defined in 'Production_ADOM', then add it back into 'Staging_ADOM', overwriting its Policy Package and Objects, and then install these to other devices in the 'Staging_ADOM'.
However, I really don't wish to interfere with 'Production_ADOM'.
Is there another/smarter way? (I see command 'fmpolicy copy-adom-object' which seems like a candidate for copying Objects, but it's not well documented and it also seems to function on only one object instance at a time.)
'fmpolicy copy-adom-object' is for copying an ADOM object to the same ADOM device db.
For your case, I think you can try "exec fmpolicy print-adom-database" and find out the needed config to create a script, then run the script for your new ADOM package.
Thanks
Simon
scao_FTNT wrote: 'fmpolicy copy-adom-object' is for copying an ADOM object to the same ADOM device db.
Can you provide a use-case for this command?
scao_FTNT wrote: For your case, I think you can try "exec fmpolicy print-adom-database" and find out the needed config to create a script, then run the script for your new ADOM package.
Script won't update Policy Package - so, I'd need to create a script and then install it onto a device, then retrieve the device to overwrite existing Policy Package policies, and then install the Policy Package on other devices, correct? This doesn't follow the "FortiManager is master of configuration" methodology.
FortiManager has exporting facilities, but seems to lack importing.
Can you provide a use-case for this command?
-- this CLI is normally used for troubleshooting
Script won't update Policy Package
-- you can just run the script for policy package / ADOM db
Thanks
Simon
scao_FTNT wrote: This looks very handy - I missed it because it didn't seem to have a CLI equivalent - only
Script won't update Policy Package
-- you can just run the script for policy package / ADOM db
Why not against "Policy Package, ADOM Database" as in GUI?
Thanks for the update, I will review with the dev team to see if we can improve the CLI to include run package for the script.
Thanks
Simon