Failed to push LDAP configuration to fortigate due to lack of policy object

gmiretzky · ‎01-13-2019

Hi,

We have several fortigate firewalls managed by a fortimanager machine.

We would like to add "local" active directory administrators to the fortigate machines , and for that , we configured the AD details + Users on the fortimanager.

The problem is that fortimanager will not push the AD & User configuration to the fortigate firewalls , if the users are not part of the policy.

Do we really need to create a bogus policy rule that will have the admin user AD group , only so the fortimanger will push the AD & user configuration to the firewalls ? What will happen if someone will remove the policy rule by mistake, we will loose the users configuration ?

I believe this is a bad design by fortigate that require policy statement to allow AD & User configuration to be pushed to the firewalls. Any way to work around this ?

Thanks,

Guy

brazz_FTNT · ‎01-14-2019

Hello,

I would suggest you follow below steps:

In this experiment , we are using these FMG 6.0.3, and FGT 6.0.2 versions.

+Log in to the FMG and go to the Policy & Objects tab +Click on the Object Configuration +Under User & Device Select LDAP Servers and create the LDAP server +Under User & Device Select User Groups then create a new user group

+Go to the Device Manager and double click on your FGT

+Under System: click on the Administrators, create a new Administrator based on the proper setting

+Install Install Device Settings (only) and you should be good to go

*No need to create any dummy policies.

Please do not forget to rate my post if you find it helpful.

keevern · ‎06-22-2024

Thanks for posting. This helped me push my ldap config from my manager to my firewalls.

Failed to push LDAP configuration to fortigate due to lack of policy object

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website