Failed to push LDAP configuration to FortiGate due to lack of policy object
Hi,
We have several FortiGate firewalls managed by a FortiManager machine.
We would like to add "local" Active Directory administrators to the FortiGate machines, and for that we configured the AD details + users on the FortiManager.
The problem is that FortiManager will not push the AD & user configuration to the FortiGate firewalls if the users are not part of a policy.
Do we really need to create a bogus policy rule that will contain the admin user AD group, only so that FortiManager will push the AD & user configuration to the firewalls? What will happen if someone removes the policy rule by mistake, will we lose the users configuration?
I believe this is a bad design by Fortinet that requires a policy statement to allow AD & user configuration to be pushed to the firewalls. Is there any way to work around this?
Thanks,
Guy
Hello,
I would suggest you follow the steps below:
In this experiment we are using FMG 6.0.3 and FGT 6.0.2.
+Log in to the FMG and go to the Policy & Objects tab
+Click on Object Configuration
+Under User & Device select LDAP Servers and create the LDAP server
+Under User & Device select User Groups, then create a new user group
+Go to the Device Manager and double click on your FGT
+Under System, click on Administrators and create a new administrator based on the proper settings
+Click Install > Install Device Settings (only) and you should be good to go
*No need to create any dummy policies.
Please do not forget to rate my post if you find it helpful.
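For reference, this is the FortiOS CLI equivalent of the objects the steps above create on the FortiGate, added here as an illustration and not taken from the post or from Fortinet documentation. The server address, bind DN, group DN and object names are placeholders; what matters is the reference chain (admin -> user group -> LDAP server), which is what lets "Install Device Settings (only)" carry the LDAP objects without any firewall policy referencing them.

```fortios
# Placeholder values throughout: replace server, dn, username, password and group-name.
config user ldap
    edit "ad-ldap"
        set server "10.0.0.5"
        set port 636
        set secure ldaps
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fgt-bind,ou=Service Accounts,dc=example,dc=com"
        set password "BIND-PASSWORD-PLACEHOLDER"
    next
end

# The group is pinned to one AD group DN so membership of the wrong group does not grant access.
config user group
    edit "fgt-admins"
        set member "ad-ldap"
        config match
            edit 1
                set server-name "ad-ldap"
                set group-name "CN=FGT-Admins,OU=Groups,DC=example,DC=com"
            next
        end
    next
end

# Wildcard admin: any member of fgt-admins logs in with their own AD name.
# prof_admin is shown as an example; assign the least privileged profile that fits the role.
config system admin
    edit "ad-admins"
        set remote-auth enable
        set remote-group "fgt-admins"
        set wildcard enable
        set accprofile "prof_admin"
    next
end
```

After the install, confirm on the FortiGate with "diagnose test authserver ldap ad-ldap <user> <password>" that the bind and group lookup succeed, and check that the admin login attempts show the expected user in the event log.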
Thanks for posting. This helped me push my LDAP config from my manager to my firewalls.
