We have a problem on our FortiManager. While it's within a secure environment, it does not have access to the LDAP or FSSO servers. Only the FortiGate has. Because of this I can only add new groups to monitor on the FortiGate and then import that config again to update the FortiManager.
One problem we face is that the imported group object is only usable within the imported VDOM. When I try to use the same group on another policy, the config fails to install, referencing it as Unknown Datasource (Policy Verification),
where I thought this should be pushed and set as normal?
Kind regards,
Peter
Can you provide the error details?
Thanks
Simon
Is that user adgrp config "CN=xxx" in your pic existing in the device db/FGT?
Thanks
Simon
In the FMG 5.2 design, we require that the same-name FSSO user exists in the device db; then it can correctly copy/install the config to the device/FGT.
In FMG 5.4, we changed this design (so the FMG ADOM db will communicate with the remote FSSO server to update the user list), and it will not block the install, but on the FGT side, if this user does not exist on the FSSO server, then the FGT-side refresh (sync to the FSSO server) will auto-remove this user.
Thanks
Simon