Hello,
We have newly deployed FortiGate firewalls at our DC, which are managed via FortiManager. At the time of deployment we created a tunnel with one of our offices. Now I want to modify the Local Address on the FortiGate firewall. When I search in the Policy & Objects tab on FortiManager for the address group used as Local Address in the IPSec tunnel, I cannot find that address group.
However, when I log in to the firewalls directly, I can find that address group. I cannot (should not) be making changes directly on the firewall, as these changes will be wiped out upon the next policy push from FortiManager.
So how do I find the address group in FortiManager which is used as Local Address in the IPSec VPN configuration, so that I can edit it?
Thanks.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi,
May I know the firmware version of your FortiGate and the FortiManager?
Are you able to view the other address groups imported from the FortiGate?
How many members does the address object group with which you are facing the issue have?
BR,
Manosh
Hi Manosh,
FortiGate is running on firmware - 7.0.12 build 0523
FortiManager is running on firmware - v7.4.0-build2223 230514 (GA)
Yes, I can see all the objects migrated to Fortigate. As a matter of fact, I am able to see & edit this address-group in question when I log in to the FortiGate UI, but cannot see it on the FortiManager UI.
There are 6 objects currently in that address-group. Something that I noticed is that this address group is called 'Local Subnets for VPN' and it seems to be part of another VPN as well (the other VPN is to another location).
I don't think there is an option of recreating this object group with a new set of IPs and adding it back to the VPN.
Hi romohite8,
As I understand, the address group has been created under "Policy & Objects >> Objects Configuration >> Firewall Objects >> Address". Please correct me if I am wrong.
Check if the tunnel configuration under VPN Manager has this address group displayed on the GUI.
Is the device showing the policy package in sync on FMG?
Hi,
FortiGate is running on firmware - 7.0.12 build 0523
FortiManager is running on firmware - v7.4.0-build2223 230514 (GA)
Yes, I am able to view other objects/address-groups which were migrated. The address-group in question is called "Local Subnets for VPN", which is getting called in all the VPN tunnels.
This address-group has 6/7 objects in it.
Run the installation wizard and choose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it, then cancel the installation, so we can see what the FMG will install.
If it's missing from FMG and VPN Manager, then we can re-create it on FMG using a script on the policy package after copying the configuration from the FGT CLI, then make sure to attach it to the VPN Manager configuration.
Maybe the event logs of FMG show it has been deleted.
Also, check whether the address group name is showing in the event logs by filtering the message field using "*address_name*"
Regards
Nagaraju.
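Before copying the group from the FGT CLI as suggested above, it helps to know which tunnels reference it. The following is an added example (not part of any post in this thread, and not Fortinet code) that parses a FortiGate CLI backup and lists each name used as a phase 2 local selector with its tunnels and group members. The sample configuration, tunnel names and member names are constructed.

```python
import shlex
# Constructed sample of a FortiGate CLI backup; tunnel and object names are made up.
SAMPLE = '''config firewall addrgrp
    edit "Local Subnets for VPN"
        set member "DC-Net-1" "DC-Net-2"
    next
end
config vpn ipsec phase2-interface
    edit "to-office-a"
        set src-addr-type name
        set src-name "Local Subnets for VPN"
    next
    edit "to-office-b"
        set src-addr-type name
        set src-name "Local Subnets for VPN"
    next
end'''

def parse(text):
    """Return {section: {entry: {key: [values]}}}; nested config blocks are skipped."""
    out, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        try:
            tok = shlex.split(line) or [""]
        except ValueError:  # unbalanced quote from a multi-line value
            continue
        if tok[0] == "config" and section is None:
            section = " ".join(tok[1:])
        elif tok[0] == "config":
            depth += 1
        elif tok[0] == "end" and depth:
            depth -= 1
        elif tok[0] == "end":
            section = entry = None
        elif depth == 0 and section and tok[0] == "edit":
            entry = out.setdefault(section, {}).setdefault(tok[1], {})
        elif depth == 0 and entry is not None and tok[0] == "set":
            entry[tok[1]] = tok[2:]
    return out

def local_selector_groups(cfg):
    """Map each phase2 local selector name to its tunnels and addrgrp members."""
    found = {}
    for p2, s in cfg.get("vpn ipsec phase2-interface", {}).items():
        for name in s.get("src-name", []):
            members = cfg.get("firewall addrgrp", {}).get(name, {}).get("member", [])
            found.setdefault(name, {"tunnels": [], "members": members})["tunnels"].append(p2)
    return found

print(local_selector_groups(parse(SAMPLE)))
```

A group that appears under several tunnels, as here, affects every one of them when its members change.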
I tried what you suggested - "Run the installation wizard and chose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it then cancel the installation, so we can see what the FMG will install."
I get green check marks for these -
We have recently deployed FortiGate firewalls in our network and are managing them through FortiManager. However, I'm unable to find an address group that is used as a Local Address in an IPSec VPN configuration. When I search for the address group in the Policy & Objects tab on FortiManager, it doesn't appear. Strangely, when I directly log in to the firewalls, I can locate the address group. Since making changes directly on the firewall is not recommended, I need to find a way to access and modify the address group through FortiManager. Regards
Was this ever resolved? I am experiencing the same issue on FMG 7.4.3 and FortiGate 7.2.8. I cannot see the address group that is used for the VPN selectors under Firewall Objects > Addresses.