Fortimanager - FSSO User Groups

Ackron · ‎11-27-2015

We have a problem on our Fortimanager. While it;s within a secure environment it does not have access to the LDAP or FSSO servers. Only the fortigate has. Because of this I can only add new Groups to monitor on the Fortigate and then Import that config again to update the Fortimanager.

One problem we face is that the imported group object is only usable within the imported VDOM, when i try to use the same group on another policy, the Config fails to install referencing as Unknown Datasource (Policy Verification)

Where i thought this should be pushed and set as normal?

Kind regards,

Peter

scao_FTNT · ‎11-27-2015

Can you provide the error details?

Thanks

Simon

Ackron · ‎11-28-2015

Here is the error:

Ackron · ‎11-28-2015

And this is the detail:

scao_FTNT · ‎12-10-2015

is that user adgrp config "CN=xxx" in your pic, existing in device db/FGT?

Thanks

Simon

scao_FTNT · ‎12-10-2015

in FMG 5.2 design, we requires that same name FSSO user exists in device db, then can correctly copy/install config to device/FGT

in FMG 5.4, we changed this design (so FMG ADOM db will communicate with remote FSSO server to update the user list), and will not block install, but on FGT side, if this user does not exist on FSSO server, then FGT side refresh (sync to FSSO server) will auto remove this user

Thanks

Simon

Fortimanager - FSSO User Groups

Nominate a Forum Post for Knowledge Article Creation