- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Create Firewall policy for Fortigate via Fortimanager with different source segments
Hi,
I need to configure a Firewall policy with a local segment source range for 200 Fortigate.
for example:
FG1, IP range 192.168.1.10 - 192.168.1.15
FG2, IP range 192.168.2.10 - 192.168.2.15
...
I plan to push the related config via Fortimanager, by creating range addresses first then defining the range addresses into Firewall policy
But I don't understand how to create addresses with different specific IP for each Fortigate via Fortimanager
Config example:
Please help
Thanks
- Labels:
-
FortiGate
-
FortiManager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you are referring to using the same firewall address but applying different values to different FortiGates in the same ADOM, then you can use the "per-device mapping" function when creating the address. The per-device mapping allows to apply different parameters to different FortiGates whilst applying the same firewall address to the policies.
Thank You.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lingky,
Thanks for the information
What I understand from the article is that we still have to create a manual list of IP ranges for all Fortigate in Fortimanager
When creating a Firewall policy, can we create 1 policy in Fortimanager and then during the push process to Fortigate, Fortimanager will automatically define the addresses that we have created for each Fortigate?
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi okasaputra,
That is correct. You will need to create the address and assign the per-device mapping for different FortiGates so that FortiManager will install different values to the devices when this object is applied in the firewall policy.
Similarly, you can only create 1 policy package and add the FortiGates as part of its Installation Targets. The values of addresses/objects used in that policy will depend on the per-device mapping configured individually for those objects.
Thank You.
![](/skins/images/EC9FF2F7BE06D4243426EA19DD2C8052/responsive_peak/images/icon_anonymous_message.png)