mayanknjain1990
New Contributor

FortiManager Workflow

Trying to configure the workflow in FortiManager. Configured an admin account to authenticate using LDAP and assigned him permission to approve a session, but it does not seem to work.

However, if I change the auth type for the admin user to local, then he can approve changes.

Does FortiManager have any such limitation?

2 Solutions
scao_FTNT
Staff

Thanks for the details provided. We confirmed the issue on FMG 5.2.3 and it will be fixed in FMG 5.2.4.

Simon

scao_FTNT

In 5.2.4, we fixed the issue neonbit mentioned as Scenario 1: the admin has the approve function in the right-click menu, but clicking approve cannot approve the session properly. So after approving, the GUI still shows the session in 'waiting for approval' status. At the next approval, an error popup appears: "Approval failed as it has already been approved by qa1. No further action required"

But we also noticed that sometimes a remote admin login cannot see the approve option (and reject/discard) in the right-click menu. If a customer is seeing that issue, it is not yet fixed in 5.2.4 and we are still investigating it.

Thanks

Simon

10 REPLIES
scao_FTNT
Staff

Which FMG version are you using?

Thanks

Simon

neonbit
Valued Contributor

I've tested this using a RADIUS account (FMG-VM 5.2.3) and it's not working.

When I approve the changes with a RADIUS admin, it doesn't save, i.e. the icon still says awaiting changes.

If I log out and back in with the local admin and approve the changes, they save correctly and can be applied.

neonbit
Valued Contributor

Further testing with this:

I've got three users:

admin (local, superuser)

radius-admin (remote, custom profile with full write permissions)

support (local, standard user)

admin and radius-admin have been configured with workflow approval for the ADOM; support doesn't have these permissions.

Scenario 1: support makes a change and requests approval. radius-admin has the option to approve this change, but the option doesn't save correctly (looks like a bug?). admin is able to approve the change and it saves correctly.

Scenario 2: radius-admin makes a change and requests approval. radius-admin can approve this change and it saves correctly.

So from what I've tested, it seems that remote admins are unable to approve other users' requests, but approving their own requests works fine.

mayanknjain1990
New Contributor

On FortiManager 5.2.3 with LDAP authentication.

Have not tested the second scenario. Will test and update results.

mayanknjain1990
New Contributor

Not able to approve my own request as well.

Even changed the auth mechanism to RADIUS.

mayanknjain1990

Okay.. Thanks :)

aairey

So FortiManager 5.2.4 is out now.

Can you confirm it is working before we do the upgrade?

scao_FTNT

I am confirming this and will update after I get results.

Thanks

Simon
