The Fortinet-chosen naming convention for objects created in the global ADOM uses a single-letter 'g' prefix. Fortinet documentation says that you should not create objects in ADOMs that begin with the letter 'g' or else conflicts can occur with the global ADOM objects. This would preclude the use of address objects named 'google', 'gmail', 'greatscot', and on and on. So it would seem that the choice of using a prefix 'g' is very limiting.
Why did Fortinet choose this naming method?
Are there any ways to relax this rule to allow other prefix characters or strings?
Would it be better to provide an option to use a different prefix, such as an underscore, or even a user configurable character?
Would it be even better if a user configurable string could be used? Such as, 'global_', '_glbl_', 'g_', or some other user chosen string?
The restriction is actually on firewall objects whose names are prefixed with 'g-', i.e., the letter g PLUS a dash.
1. These are reserved by FMG for objects at global ADOM level.
2. This naming convention is also adopted by FortiGates when using global scope objects on FortiGates with multiple VDOMs enabled. Until the most recent FMG firmware, FortiManager didn't support such objects retrieved from FortiGate. The rationale was that global scope objects are not needed on FortiGates managed by FortiManager. However, support for such global scope objects was added in FMG 7.2.2.
Hello Katoomba,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
As far as I can say after some years of using global objects in FMG: I don't think the letter "g" on its own would produce any conflicts. You will, though, get into trouble if a global object has the exact same name as a non-global one in your ADOM. In this case the assignment in the global ADOM will fail.
I ran into this several times during migrating objects from adom into global ;)
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Created on 12-01-2023 06:16 AM Edited on 12-01-2023 10:57 AM
Hi sw2090,
You bring up a good point. It is potentially confusing to be confronted with objects named with the 'g' prefix because you don't immediately know if they're ADOM or global objects.
My workaround is probably going to be naming global objects with the "lbl_" prefix and letting FortiManager push the "g" onto the front so that all global objects become "glbl_<xxxx>".
Thanks for that detail, Chris. Very much appreciated. The use of "g-" (g followed by a dash) makes it much less likely that collisions will happen with user naming conventions.
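The two conditions raised in this thread (the reserved 'g-' prefix and an ADOM object sharing the exact name of a global object) can be checked before migrating objects into the global ADOM. The following is an added example, not part of the original posts and not Fortinet code; the function name, the object lists and the case-sensitivity switch are assumptions, and the name lists would come from your own export of ADOM and global objects.

```python
# Added example: pre-migration name check for FortiManager objects.
# The object names below are constructed sample data, not real exports.

RESERVED_PREFIX = "g-"  # per the reply in this thread: reserved for global ADOM objects


def check_names(adom_names, global_names, case_sensitive=True):
    """Return (reserved, collisions) for a list of ADOM object names.

    reserved   -- ADOM names that start with the reserved 'g-' prefix
    collisions -- ADOM names that exactly match a global object name,
                  the case reported in the thread to make assignment fail

    Whether FortiManager compares names case-sensitively is an assumption
    here, so the behaviour is selectable by the caller.
    """
    norm = (lambda s: s) if case_sensitive else str.lower
    global_index = {norm(name) for name in global_names}
    reserved = sorted(n for n in adom_names if norm(n).startswith(RESERVED_PREFIX))
    collisions = sorted(n for n in adom_names if norm(n) in global_index)
    return reserved, collisions


# Constructed sample input: names like 'google' and 'gmail' start with 'g'
# but not with 'g-', so they are not flagged as reserved.
ADOM_OBJECTS = ["google", "gmail", "g-dns-servers", "branch-lan", "mgmt-net"]
GLOBAL_OBJECTS = ["mgmt-net", "corp-dns"]

if __name__ == "__main__":
    reserved, collisions = check_names(ADOM_OBJECTS, GLOBAL_OBJECTS)
    for name in reserved:
        print(f"reserved prefix '{RESERVED_PREFIX}': {name}")
    for name in collisions:
        print(f"same name exists as a global object: {name}")
```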