Unable to find address group used in IPSec VPN on FortiManager
We have newly deployed FortiGate firewalls at our DC, which are managed via FortiManager. At the time of deployment we created a tunnel with one of our offices. Now I want to modify the Local Address on the FortiGate firewall. When I search in the Policy & Objects tab on FortiManager for the address group used as Local Address in the IPSec tunnel, I cannot find that address group.
However, when I log in to the firewalls directly, I can find that address group. I cannot (should not) be making changes directly on the firewall, as these changes will be wiped out upon the next policy push from FortiManager.
So how do I find the address group in FortiManager which is used as Local Address in the IPSec VPN configuration so that I can edit it?
FortiGate is running on firmware - 7.0.12 build 0523
FortiManager is running on firmware - v7.4.0-build2223 230514 (GA)
Yes, I can see all the objects migrated to FortiGate. As a matter of fact, I am able to see and edit the address group in question when I log in to the FortiGate UI, but cannot see it on the FortiManager UI.
There are 6 objects currently in that address group. Something that I noticed is that this address group is called 'Local Subnets for VPN' and it seems to be part of another VPN as well (the other VPN is to another location).
I don't think there is an option of recreating this object group with a new set of IPs and adding it back to the VPN.
Hi romohite8,
As I understand, the address group has been created under "Policy & Objects >> Objects Configuration >> Firewall Objects >> Address". Please correct me if I am wrong. Check if the tunnel configuration under VPN Manager has this address group displayed on the GUI. Is the device showing the policy package in sync on FMG?
Run the installation wizard and choose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it, then cancel the installation, so we can see what the FMG will install.
If it's missing from FMG and VPN Manager, then we can re-create it on FMG using a script on the policy package after copying the configuration from the FGT CLI, then make sure to attach it to the VPN Manager configuration. Maybe the event logs of FMG show it has been deleted. Also, check whether the address group name is showing in the event logs by filtering the message field using "*address_name*".
Regards,
Nagaraju.
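One way to check a downloaded installation preview or a FortiGate CLI backup for every place the address group is referenced, as an added example that is not part of the thread. It assumes the file is in FortiOS CLI syntax with quoted object names; the sample config, the tunnel and address names in it, and the function name `find_references` are constructed for illustration.

```python
# Constructed sample in FortiOS CLI syntax (not taken from the poster's devices).
SAMPLE_CONFIG = '''\
config firewall addrgrp
    edit "Local Subnets for VPN"
        set member "net-a" "net-b"
    next
end
config vpn ipsec phase2-interface
    edit "office1-p2"
        set phase1name "office1"
        set src-addr-type name
        set src-name "Local Subnets for VPN"
        set dst-name "office1-remote"
    next
    edit "office2-p2"
        set phase1name "office2"
        set src-addr-type name
        set src-name "Local Subnets for VPN"
    next
end
config firewall policy
    edit 7
        set srcaddr "all"
    next
end
'''

def find_references(config_text, object_name):
    """Return (section, entry, line) for each 'set' line naming object_name."""
    hits, stack = [], []              # stack of open 'config' / 'edit' blocks
    needle = '"%s"' % object_name     # assumption: names are quoted in the file
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(("config", line[len("config "):]))
        elif line.startswith("edit "):
            stack.append(("edit", line[len("edit "):].strip('"')))
        elif line in ("next", "end"):
            if stack:
                stack.pop()           # 'next' closes an edit, 'end' a config
        elif line.startswith("set ") and needle in line:
            section = " / ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            hits.append((section, entry, line))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLE_CONFIG, "Local Subnets for VPN"):
        print(hit)
```

Running it against both the FortiGate backup and the FortiManager preview shows whether the other tunnel that shares the group would also be affected by an edit.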
I tried what you suggested - "Run the installation wizard and choose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it, then cancel the installation, so we can see what the FMG will install."
We have recently deployed FortiGate firewalls in our network and are managing them through FortiManager. However, I'm unable to find an address group that is used as a Local Address in an IPSec VPN configuration. When I search for the address group in the Policy & Objects tab on FortiManager, it doesn't appear. Strangely, when I directly log in to the firewalls, I can locate the address group. Since making changes directly on the firewall is not recommended, I need to find a way to access and modify the address group through FortiManager. Regards