Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DT3
New Contributor

Created on ‎01-17-2025 01:54 AM

FortiManager Address Group Change

I have come across a strange issue. I have added a new member to an address group, so not changing a firewall rule directly. I can’t seem to find a way to push it to the Fortigate just as an address change?

 

If I add it directly on the Fortigate it complains it is out of sync, and doesn’t sync back. If I do a retrieve, it doesn’t pull it back in to the Fortimanager either.

 

Am I missing something obvious?

Labels:
412
0 Kudos
7 REPLIES 7
AEK
SuperUser
SuperUser

Created on ‎01-17-2025 05:33 AM

As per my knowledge the address objector address group object will not be pushed the FGT unless it is used in a firewall rule.

If you can't push it then it is simply not used.

AEK
AEK
391
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎01-17-2025 06:54 AM

Hi @DT3 ,

 

You did not say whether the address group is used or not.

 

As @AEK mentioned, you have to apply the address group in one firewall policy at least so FMG will push it to FGT.

 

 

Regards,

Jerry
379
0 Kudos
DT3
New Contributor
In response to dingjerry_FTNT

Created on ‎01-17-2025 07:06 AM

Yes the main group was already referenced in a Policy, all I have done is add an extra entry in the address group, it just wont see it and when I try to push it out it simply tries to set the group back to how it was previously before I added the group in Forti Manager,

376
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to DT3

Created on ‎01-17-2025 07:16 AM

Hi @DT3 ,

 

It sounds like a bug.

 

What is the FMG version?  If ADOM is enabled, what is the ADOM version?  What is the FGT firmware version?

 

Is it possible that you can share the following for us to test?

 

1) FGT firewall policy using the address group

2) The address group in this issue

3) The new address object you wanted to add into the group

Regards,

Jerry
373
0 Kudos
DT3
New Contributor
In response to dingjerry_FTNT

Created on ‎01-17-2025 08:00 AM

I have found the reason why, when I add to the address group, further down there is an option for per-device mapping, which seems to differ from the main list. If i add it in per-device mapping it works as expected. Is there a way so it just applies from the main list?

338
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to DT3

Created on ‎01-17-2025 08:21 AM

Hi @DT3 ,

 

FMG will push the objects based on the mappings when mapping is on.

Regards,

Jerry
332
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.