jhoggard
New Contributor

FortiManager - User Group

Hi All,

We have a remote client VPN defined and have users authenticating against a local user group.

When adding local users to this user-group on the FortiManager, it shows that there is nothing to push down to the FortiGate.

As this user-group is just tied to the VPN, it is not part of a policy. Is the only way around this by making a dummy policy with this user-group defined? When it's not part of a policy it doesn't push anything down. Please can anyone confirm why this is the case?

Thanks,

 

boneyard
Valued Contributor

Sounds very familiar; FortiManager after all these years doesn't always pick up on things which aren't tied to the more regular stuff like policies.

For sure also create a support ticket for this; it might be solved in newer versions, and otherwise at least a bug is created for it.

sw2090
Honored Contributor

In this case I think the "problem" is that the VPN itself is device config while the usergroup is part of the policy package. The VPN is referencing the usergroup but FMG does not consider this in the policy package. So it sees the usergroup as unused in the policy package and does not deploy the changes.

The bug indeed is that FMG does not count cross-references from device config to objects in the policy package and mark the object in the policy package as "in use".

As a workaround I created some dummy policy that doesn't harm anyone but uses the usergroup, so that it is now in use ;)

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
