FortiDoug
New Contributor

FortiManager 7.2.2 shared policy issue

Hi Everyone,

I am implementing FortiManager to simplify configuration of our firewalls. We have (6) 70F units running 7.0.9. I have added them all to FortiManager, and cloned one of the configs to a policy package I want to use for all of them. The configs are almost identical on all of them. There are two units that do not have all of the needs that the other 4 do. I have figured out how to prevent certain firewall policies from getting pushed to these through installation targets on the policies. When I try to push this policy pak to the two units, I am getting the following:

Vdom copy failed:
error 0 - invalid value

Copy objects for vdom root
"firewall ssl-ssh-profile", "certificate-inspection", id=4360, SKIP - (null)
"firewall ssl-ssh-profile", "deep-inspection", id=4369, SKIP - (null)
"dynamic interface", "ATM VLAN", id=5216, INVALID MAPPING - (null)
"firewall central-snat-map", "3", id=8426, INVALID MAPPING - invalid value

These two firewalls do not have an ATM VLAN, so there is no entry in the normalized interface object for either of them. I am not sure how SNAT is coming into play. I cannot locate the Central SNAT (which we do use) anywhere in FM.

I am able to push this policy pak to all the other firewalls without issue. Any insight into what I am doing wrong is appreciated.

DPA
1 Solution
gfleming
Staff

If the policy package references the ATM VLAN normalized interface then you will need to have a mapping for all of the FortiGates you are pushing it to whether they have an ATM VLAN or not.

Cheers,
Graham
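
An added example, not part of the original thread and not Fortinet code: a small Python triage of the "Copy objects" output quoted in the question, plus a pre-install check that lists which devices lack a mapping for an interface the package references. The line layout is inferred from the four object lines in the post, and the device names and mapping table are hypothetical, constructed for the example.

```python
import re
from collections import defaultdict

# Object line layout as seen in the post: "category", "name", id=N, STATUS - detail
LINE_RE = re.compile(
    r'^"(?P<category>[^"]+)",\s*"(?P<name>[^"]+)",\s*id=(?P<id>\d+),\s*'
    r'(?P<status>[A-Z ]+?)\s*-\s*(?P<detail>.*)$'
)

# Install log text copied from the question above.
COPY_LOG = '''\
Vdom copy failed:
error 0 - invalid value

Copy objects for vdom root
"firewall ssl-ssh-profile", "certificate-inspection", id=4360, SKIP - (null)
"firewall ssl-ssh-profile", "deep-inspection", id=4369, SKIP - (null)
"dynamic interface", "ATM VLAN", id=5216, INVALID MAPPING - (null)
"firewall central-snat-map", "3", id=8426, INVALID MAPPING - invalid value
'''

# Constructed inventory: device names and their per-device mappings are hypothetical.
MAPPINGS = {"fgt-1": {"ATM VLAN", "wan1"}, "fgt-2": {"wan1"}, "fgt-3": {"wan1"}}

def parse_copy_log(text):
    """Group object lines by status; lines that are not object lines are ignored."""
    by_status = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            by_status[m["status"]].append((m["category"], m["name"], int(m["id"])))
    return dict(by_status)

def unmapped_interfaces(parsed):
    """Names of "dynamic interface" objects reported as INVALID MAPPING."""
    return [name for cat, name, _ in parsed.get("INVALID MAPPING", [])
            if cat == "dynamic interface"]

def devices_missing_mapping(referenced, mappings):
    """Pre-install check: for each referenced interface, the devices lacking a mapping."""
    gaps = {}
    for iface in referenced:
        missing = sorted(dev for dev, mapped in mappings.items() if iface not in mapped)
        if missing:
            gaps[iface] = missing
    return gaps

if __name__ == "__main__":
    print(devices_missing_mapping(unmapped_interfaces(parse_copy_log(COPY_LOG)), MAPPINGS))
```

Running the check before an install shows the gap per interface, so the missing per-device mapping can be added before the push fails.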

FortiDoug

Thank you for the confirmation.  I did add the VLAN yesterday and all is well.

DPA