Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Homan
New Contributor II

Customised internet service in fortimanager.

Hi,

How can i create a customized internet service in fortimanager?
I create a custom internet service and then i used the object in my police rule.
but i can't install the new config.
I get a message that "1 device(s) configuration is out of synchronization".

 

Kind regards,

Homan

6 REPLIES 6
xshkurti
Staff
Staff

@Homan 
After you create custom internet service and before installing policy rule, try to execute update so fortigate can get this new internet-service.
After that try to install config. You are seeing this message because fortigate does not have that newly created internet-service in its database.

 

Regards,

Homan
New Contributor II

@xshkurti,

Thanks for the replay.

I tried it but after the update nothing is updated.
The new object is not visible in internet service database on fortigate.

Kind regards,

Homan

jasonhong

You have to ensure the internet service object is in used/referenced in any firewall policy prior to installing the policy package.

 

You may try to manually retrieve the device config to ensure the config status is synchronized.

https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiGate-is-Out-of-sync-on-Device-Mana...

 

Then, make changes to the firewall policy to add the internet service object in any working firewall policy and proceed to install the policy package. You should be able to view the changes within the installation preview as you go through the Install Wizard.

Homan
New Contributor II

@jasonhong,
Thank you for your reply.
That is the problem. If i use the custom internet service in a policy , I can't push the config to fortigate.
I get a error message and than instal job faild.

If i create just a costunm internet service I can instal the config but i don't see any new object in internet service database.


kind regards.

cosan22
New Contributor

Hi, did you have any existing policy using internet service database ?

I see here and didn't have in the firewall objects tab, but if you create a new rule for example you have a box so you can turn on, this box is called internet service.

And inside the rule you can see the objects, but only inside the rule, not in the firewall object tab.

10.0.0.0.1 192.168.1.254
Homan
New Contributor II

Hi cosan22,

I have firewall rules with internet service object, but they are default objects.

I am running into custom internet service objects.

 

Kind regards,

Homan

Top Kudoed Authors