Hello everyone. First, thanks for reading this post. I have a main site with a FortiGate 600D cluster and am about to implement a replacement at our DR site with a like cluster. I just installed the FM as was trying to build-out and test the interactions with the DR cluster before implementation. I have no problem centrally managing the FG's with FM. But, I am seeing some quirky issues that is making me very hesitant. Listed below:
1. Create objects on FM. Great, no problems there and seem to be just like FG. However, I am trying to create several site-site VPN tunnels. I prefer to use named objects vs. IP's. So I create the addresses. But, when I go back to device and create the VPNs, the objects are NOT available for use. I know objects are pushed only when used. But, how I can I push the object if I can't use it in FM. I have gotten no where to solve this. However, I have successfully wiped VPN configs several times trying to get objects on the FG.
2. Sometimes, I have a hard time determining which objects are from the FG, and which are defined on the FM. As with VPN tunnels, it seems the objects available for those usage only come from the FG after they are there. But then if I don't use them, I run the risk of getting them wiped and destroying configs.
3. I can't seem to create the correct LDAP(Active Directory) group setup like I can on the FG. My main HQ is integrated with AD and I added user groups from AD. Then pointed the admin user at the group. I can't seem to replicate this on FM.
I would appreciate any info anyone may have regarding these issues or any other gotcha's regarding FM/FG. I would really like to use FM. My efforts so far have been to ensure that I can replicate everything that is going on. Thus far, I have had a few gotchas.
Thanks.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.