Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
boneyard
Valued Contributor

Created on ‎02-22-2025 12:41 AM

FortiManager Policy & Objects use of CLI routing objects

I noticed that in Policy & Objects there is at CLI Configurations > Objects > router some router objects like prefix-list and route-map.

 

This seems to achieve something when first wanting to use a prefix-list or route-map for example in the Device BGP configuration. But later changes in the Policy & Objects on that configuration don't seem to have an effect.

 

Did anyone work with this successfully? How did you make this work?

Labels:
208
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-22-2025 09:07 AM

Based on my experience with 7.2.x FMG firmware, those routing protocol related config objects do NOT seem to be considered as a part of Policy Packeges. Therefore, even when you make a change in one of those objects under Policy & Objects page, the FMG wouldn't recognize a change happened to the managed FGTs that uses any of Policy Packages.
This is probably because none of policies refer to the routing configuration.

If you want to control/regulate those routing objects on FGTs by FMG, your option would be CLI templates/template groups, which is separately checked their "sync" status against the managed FGTs.

I don't know if this has changed with 7.4.x or 7.6.x. Somebody else should be able to provide info for newer versions.

Toshi

View solution in original post

182
1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-22-2025 09:07 AM

Based on my experience with 7.2.x FMG firmware, those routing protocol related config objects do NOT seem to be considered as a part of Policy Packeges. Therefore, even when you make a change in one of those objects under Policy & Objects page, the FMG wouldn't recognize a change happened to the managed FGTs that uses any of Policy Packages.
This is probably because none of policies refer to the routing configuration.

If you want to control/regulate those routing objects on FGTs by FMG, your option would be CLI templates/template groups, which is separately checked their "sync" status against the managed FGTs.

I don't know if this has changed with 7.4.x or 7.6.x. Somebody else should be able to provide info for newer versions.

Toshi

183
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.