Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
romohite8
New Contributor

Enable to find address group used in IPSec VPN on FortiManager

Hello,

Our newly deployed Fortigate firewalls at our DC, which are managed via FortiManager. At the time of deployment we created a tunnel with one of our offices. Now I want to modify the Local Address on the Fortigate firewall. When search in Policy & Objects tab on FortiManager for the address group used as Local Address in the IPSec tunnel, I cannot find that address group. 

However when I login to firewalls directly, i can find that address group. I cannot (should not) be making changes directly on Firewall as these changes will be wiped out upon next policy push from FortiManager. 

 

So how do I find the address group in FortiManager which is used as Local Address in IPSec VPN configuration so that i can edit it. 

 

Thanks.

8 REPLIES 8
Anthony_E
Community Manager
Community Manager

Hello ,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
mgoswami
Staff
Staff

Hi,

 

May I know the firmware version of your Fortigate and the Fortimanager?

Are you able to view the other address groups from the FortiGate imported?

How many member does the address object group has with which you are facing the issue?

 

BR,

Manosh

romohite8
New Contributor

Hi Manosh, 

Fortigate is running on firmware - 7.0.12 build 0523
FortiManager is running on firmware - v7.4.0-build2223 230514 (GA)

 

Yes, i can see all the objects migrated to Fortigate. As a matter of fact, I am able to see & edit this address-group in question when i login to Fortigate UI, but cannot see it on FortiManager UI.

 

There are 6 objects currently in that address-group. Something that i noticed is - this address group is called as 'Local Subnets for VPN' and it seems to be part of other VPN as well (other VPN is to other location).

I don't think there is option of recreating this object group with new set of IPs and add it back to VPN. 

knagaraju
Staff
Staff

Hi romohite8,
As I understand the address group has been created under "Policy & Objects >> Objects Configuration >> Firewall Objects >> Address". Please correct me if I am wrong.
Check if the tunnel configuration under VPN manager has this address group displayed on the GUI.
Are the device showing the policy package in sync on FMG?



romohite8
New Contributor

Hi,

Fortigate is running on firmware - 7.0.12 build 0523
FortiManager is running on firmware - v7.4.0-build2223 230514 (GA)

 

Yes, i am able to view other objects/address-group which were migrated. The address-group in question is called as "Local Subnets for VPN" which is getting called in all the VPN tunnels. 

 

This address-group 6/7 objects in it.

knagaraju
Staff
Staff

Run the installation wizard and chose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it then cancel the installation, so we can see what the FMG will install.

if it's missing from FMG and VPN manager then we can re-create it on FMG using script on policy package after copying the configuration from FGT CLI, then make sure to attached to the VPN manager configuration.
Maybe the event logs of FMG, it shows it has been deleted.
Also, check the address group name is showing in the event logs by filtering the message field using "*address_name*"
Regards
Nagaraju.

romohite8

I tried what you suggested - "Run the installation wizard and chose the correct policy package. But we don't want to install at the last step. We need to check the installation preview and download it then cancel the installation, so we can see what the FMG will install."

I get green check marks for these - 

Interface Validation
Policy and Object Validation
Nothing to install (Package maybe synchronized).
 
install wizard.jpg
JettBrandon
New Contributor

We have recently deployed FortiGate firewalls in our network and are managing them through FortiManager. However, I'm unable to find an address group that is used as a Local Address in an IPSec VPN configuration. When I search for the address group in the Policy & Objects tab on FortiManager, it doesn't appear. Strangely, when I directly log in to the firewalls, I can locate the address group. Since making changes directly on the firewall is not recommended, I need to find a way to access and modify the address group through FortiManager. Regards

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors