FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
ORIGINAL: Selective 2. You can configure RBL servers under spamfilter under the advanced menu, but here is no way to add the list to a spamfilter profile, and if its not in use the fortimanager will not push it to the fortgate...Catch 22.Hi Selective, sorry to hear about your issue. In general if you cannot find a way to configure policy/object config in FortiManager via the GUI or advanced options, it is possible to do so using Scripting. First ensure you are on latest version of FortiManager. Go to System Settings -> Admin Settings -> Show Script, and enable it. Then go to Device Managed / Devices & Groups tab, and go to Script and create a new CLI Script Paste in the RBL config that you want to use in CLI form which you could get from a FortiGate you have preconfigured. Override the script target and select the middle option which is Policy Package, ADOM or Database (or something similar to this). Press OK. Now right click the script and press Run. Select the policy package you want it to run on, and then this should import the config you are looking for. Hope this helps. Cheers!
ORIGINAL: Matthew Mollenhauer one " major" issue I' ve found is that a 5.0 ADOM cannot be upgraded to a 5.2 ADOM. According to our SE this feature won' t be available until FMG 5.2.1 and is not likely to be ever included in the 5.0.x releases.Hi Matthew, You are correct that FortiManager 5.0.x will not support 5.2 ADOM' s. Generally the FortiManager and FortiOS version need to match but I believe a strategy of " one version up, one version down" is being employed here. FortiManager 5.0.7 supports FortiGates on 5.2.0, if the ADOM is on a 5.0 policy package. Only 5.0.x features are supported in this scenario, but allows you to start to upgrade your firewalls to a newer version while keeping everything managed under the same umbrella. FortiManager 5.2.0 (or a patch thereof) should allow you continue using 5.0 policy package on both 5.0.x and 5.2.x FortiGates while you finish your migration. When all firewalls are up to 5.2.x, then you will have an option to upgrade the 5.0 policy package to 5.2 policy package, which then completes the migration. FortiManager 5.0.x patch added this same ability for 4.3 policy packages. So in a nutshell, FMGR and FGT versions should be paired whenever possible and the conversion tools that are there are really a way to be able to manage the process of bringing an environment up to the new version of code methodically. Hope that makes sense. Cheers!
ORIGINAL: Wurzlsepp Hi there just upgraded to 5.0.7. Dynamic objects now went into the object edit pane. Nice one! But it seems I cannot add any dynamic subnets in addresses. the OK button just does nothing and the change is not applied. I could track that down to the " /" not being accepted. IP ranges (a.b.c.d-a.b.c.e) works fine but looks terrible in the object table. Anybody with the same experience?Hi Wurzlsepp, You can indeed add dynamic subnets into policy. I have tried on FMGR 5.0.7 in my lab just now and posted a picture below. I have added one dynamic subnet and am in the process of adding another. You can add them as x.x.x.x/yy format. You can also make combinations so the " placeholder" dynamic object is a single IP while the mapped object to your FW is a subnet, and vice versa, and any mix therein. If you are still seeing different behavior, can you pls post a pic here and describe what it is you are trying to do? Cheers!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.