okasaputra
New Contributor II

Create Firewall policy for FortiGate via FortiManager with different source segments

Hi,

I need to configure a Firewall policy with a local segment source range for 200 FortiGates.
For example:
FG1, IP range 192.168.1.10 - 192.168.1.15
FG2, IP range 192.168.2.10 - 192.168.2.15
...

 

I plan to push the related config via FortiManager, by creating range addresses first and then defining the range addresses in the Firewall policy.
But I don't understand how to create addresses with a different specific IP for each FortiGate via FortiManager.

Config example:

[Image: image.png]

 

Please help

 

Thanks

 

lingky88
Staff

Hi,

 

If you are referring to using the same firewall address but applying different values to different FortiGates in the same ADOM, then you can use the "per-device mapping" function when creating the address. The per-device mapping allows you to apply different parameters to different FortiGates whilst applying the same firewall address to the policies.

 

Reference: https://community.fortinet.com/t5/FortiManager/Technical-Tip-Per-Device-mapping-behaviour/ta-p/26486...

 

Thank You.

okasaputra
New Contributor II

Hi Lingky,

 

Thanks for the information.

 

What I understand from the article is that we still have to create a manual list of IP ranges for all FortiGates in FortiManager.

 

When creating a Firewall policy, can we create 1 policy in FortiManager and then during the push process to FortiGate, FortiManager will automatically define the addresses that we have created for each FortiGate?

 

Thanks,

lingky88
Staff

Hi okasaputra,

 

That is correct. You will need to create the address and assign the per-device mapping for different FortiGates so that FortiManager will install different values to the devices when this object is applied in the firewall policy.

 

Similarly, you can only create 1 policy package and add the FortiGates as part of its Installation Targets. The values of addresses/objects used in that policy will depend on the per-device mapping configured individually for those objects.

 

Thank You.
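
The per-device mapping described in this thread, as an added example that is not part of the original posts and not Fortinet's own code: it generates one address object with a mapping per FortiGate instead of typing 200 ranges by hand, and lists installation targets that would have no mapping and so fall back to the object's default value. The ADOM, object name, default range, FG<n> device names and the 192.168.<n>.10-15 plan are assumptions taken from the question; the request shape (`dynamic_mapping`, `_scope`) follows the FortiManager JSON API as the editor understands it and should be checked against the API reference for your version.

```python
import ipaddress
import json

def device_ranges(count, first_host=10, last_host=15):
    # Assumed plan from the question: FG<n> uses 192.168.<n>.10 - 192.168.<n>.15.
    return {f"FG{n}": (f"192.168.{n}.{first_host}", f"192.168.{n}.{last_host}")
            for n in range(1, count + 1)}

def build_request(adom, obj_name, default_range, ranges, vdom="root"):
    """Build a JSON-RPC body for one iprange address with per-device mappings."""
    mappings = []
    for device, (start, end) in sorted(ranges.items()):
        # Reject malformed or inverted ranges before anything reaches FortiManager.
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if lo > hi:
            raise ValueError(f"{device}: start {start} is above end {end}")
        mappings.append({
            "_scope": [{"name": device, "vdom": vdom}],
            "type": "iprange",
            "start-ip": str(lo),
            "end-ip": str(hi),
        })
    return {
        "method": "set",
        "params": [{
            "url": f"/pm/config/adom/{adom}/obj/firewall/address",
            "data": {
                "name": obj_name,
                "type": "iprange",
                # Default value, used by any device without its own mapping.
                "start-ip": default_range[0],
                "end-ip": default_range[1],
                "dynamic_mapping": mappings,
            },
        }],
        "id": 1,  # a real call also carries the session token from login
    }

def unmapped_targets(install_targets, ranges):
    # Devices in the policy package that would silently get the default range.
    return sorted(set(install_targets) - set(ranges))

if __name__ == "__main__":
    ranges = device_ranges(200)
    req = build_request("root", "LOCAL_SEGMENT",
                        ("192.168.0.10", "192.168.0.15"), ranges)
    print(json.dumps(req["params"][0]["data"]["dynamic_mapping"][:2], indent=2))
    print("unmapped:", unmapped_targets(["FG1", "FG200", "FG201"], ranges))
```

Running the unmapped-target check before each install keeps a newly added FortiGate from receiving a source range that belongs to no real segment.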

 

 
