Hello,
I want to raise an issue that someone may have encountered in the past.
We own 4 FortiGate devices (3 of them in an HA cluster) which are imported as devices in FortiManager.
Fortimanager version : v7.0.12 GA build0623
Fortigate version : v7.0.16 build0632
The issue is that I cannot have all of the devices' Policy package status in the imported state.
When I import the configuration for one of them, this specific device changes state to "Imported" and the other 3 devices change state to "Modified".
Below is when I finished importing the policy package in the 1st device.
Below is when I finished importing the policy package in the 2nd device.
Has anyone faced this issue before?
Any workaround is welcomed.
You need to understand all of those FGTs share one object database if they are in the same ADOM. You need to have either unique object names or dynamic objects for the same names. Every time one of those objects updates, it would show up as modified.
So it's an expected result when you import them.
Toshi
I assume you are prompted to choose to use the value either from FortiGate or FortiManager whenever you perform a policy & object import for the other FortiGates.
If you were to choose to use the values from FortiGate, it will automatically change the status to Modified for the other FortiGates since there can only be one unique value for certain ADOM objects once imported into the ADOM.
If you were to choose to use the values from FortiManager, it will not change the status of the other devices since you are essentially importing the objects into the ADOM while choosing to retain the value that has already been saved in the ADOM object.
"I assume you are prompted to choose to use the value either from FortiGate or FortiManager whenever you perform a policy & object import for the other FortiGates."
Yes, I am prompted and I use the value from FortiGate every time, as I did not want to change an object's value by accident.
I assume that it is better to use separate ADOMs for each FortiGate than to use a single ADOM for all 4 FortiGates, which are in something like an HQ and branches topology.
I did not check the meta fields options yet, but thanks for mentioning this.
I think the approach with a separate ADOM for each branch is good. Before applying this solution I will test with dynamic objects or meta fields as you suggested.
Just a friendly caution if you decide to use "Meta Field" with 7.0. After 7.2, the global Meta Field itself was migrated to the new "Meta Variable" under ADOM. The FMG upgrade process converts them but it confused me a lot since I didn't know about the change at that time.
So if you want to utilize the feature, I recommend you upgrade your FMG to 7.2.x first. You eventually need to do that anyway to be able to upgrade your FGTs to 7.2.
Toshi