Greetings,
Hello all. I have an issue right now that I have been working on. Initially I tried to delete a Global configured address entry in an Address Group (it has a blue ball icon). When I deleted it and clicked "Ok", the change was not reflected, whereby the save button did not appear.
Then after quite a while, I was able to navigate to the Global portion. Here the same Address Group with address entries exists but without the blue ball icon (it has the brown square icon instead). From here I was able to delete the required address entry in that specific Address Group and click the button "Save".
However when I went back to the desired ADOM section, I noticed that the address entry that I had deleted in Global still exists in the specific Address Group.
How is this possible? I would understand that an address entry that had been configured in Global is unable to be deleted in ADOM section. But the address entry was deleted in Global and yet it is not reflected in the ADOM section. This causes some issue to the end user's experience.
So, how can I ensure that the Global address entry is deleted and at the same time the changes reflect at the ADOM level?
Also, is there any way to delete the Global address entry at ADOM level (blue ball icon address entry)?
Appreciate your help and input on this matter.
Thanks & regards,
Ellyas.
After you changed the global config, have you re-assigned the global policy (the one using that object, or you can choose to assign all global objects) to that ADOM?
Thanks
Simon
Greetings,
Hi Simon. Thank you for your feedback. Previously what I did was just remove the address entry in the Address Group at the Global portion and hit "Save", and I don't think I had done any re-assignment that you had mentioned.
Could you share with me the steps for the re-assignment?
Also, what would be the impact of performing (or not performing) the re-assignment?
When we perform any change on the Global configuration (either the policies or objects, etc.), shouldn't the change be automatically reflected to all related ADOMs?
Thanks & regards,
Ellyas.
Greetings,
Hi Simon. Thank you for your detailed response and it helps a lot in understanding the "assignment" that you mentioned. However I am not able to see the attached image in your latest post. Is it the same image as in your previous post?
Referring to my image attached named "FMG_01.jpg", I noticed that there are:
1. Assigned USED Objects Only
2. Assigned ALL Objects
3. (Checkbox) Automatically Install Policies to ADOM Devices.
May I know what would be the difference (and functions) between item 1 and 2?
For item 3, if we tick the checkbox, would the changes made on Global configuration be automatically propagated/pushed to the respective ADOM without having to perform any re-assignment?
Thanks & regards,
Ellyas.
Greetings,
Hi Simon. Great. Thank you very much for clearing up some inquiries, cheers. =)
Thanks & regards,
Ellyas.
Actually, any global ADOM change needs to be assigned to the ADOM to make the ADOM-level config change (FMG will not auto-apply global config to the ADOM level); see attached pic.
For the "Save" you mentioned, I think you enabled the workspace function (ADOM lock), and thus if you change any policy or object config, it will trigger the Save button to be highlighted. So you need to save the change to the backend database, otherwise the config change may be lost if you close the browser, but Save will not assign the global config change to the ADOM database.
Thanks
Simon
1. You need to create a global policy package.
2. Add ADOMs for this package; different packages may have different ADOMs as their package target (in the attached pic, "Assignment" tab). You can even specify only some packages in this ADOM to be assigned the global policy package from step 1.
3. Then you need to assign that global policy package to the ADOM package, for new config or each time the config changes.
If you only want to assign global objects but not policies, then you can create an empty package, and when assigning, choose "Assign ALL Objects" in "Assign Selected" from my pic.
Thanks
Simon
Yes, that is the correct place, I forgot to attach a pic.
1. Assigned USED Objects Only
-- This is the default behavior, and FMG will only assign policy-configured (used) objects to the ADOM level.
2. Assigned ALL Objects
-- So here FMG will assign all global ADOM objects to the ADOM level (no matter whether they are used by the policy package you plan to assign or not), so you will then see many global objects at the ADOM level.
3. (Checkbox) Automatically Install Policies to ADOM Devices.
-- This is the function to automatically do the install after the assign. Otherwise, after the assign, you need to go to the ADOM level and do the policy package install to push the config change to the real FGT device. But next time, if you change the global config, you still need to do the assign or assign/install again. FMG will not auto-apply this change to the ADOM level; this always needs a manual operation, like the install function.
Thanks
Simon