Hi community!
I just need some points of view on the way users manage their routers from the FortiManager.
We have around 150 routers managed from the FortiManager, but our issue is that for now we have a policy object template for each router to manage. The fact is the config is globally the same on all routers, but there are still a few differences in the policy rules and also in the schedules, depending on the location of the router.
The point is that now we are reaching some object number limits due to the many template copies.
I would like to use fewer templates with many routers as targets.
How do people manage that kind of scenario?
Thanks
If the majority of the policy set is the same across all FGTs, you can use the mechanisms below to cover the site-specific factors.
1. metafield variable that you can use to calculate or concatenate to plug in as one value
2. dynamic objects per location, like an address object with a different IP per location
3. specify devices for a policy: under the "Install On" column you can pick specific devices to apply that policy
Based on these, we use about a handful of policy packages for 500+ FGTs for one customer.
Toshi
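An added illustration of the three mechanisms in the reply above (not part of the original post, and not FortiManager's API or export format): a toy Python model of one shared policy package that resolves per-device variables, per-device object mappings and "Install On" targets, and reports devices that lack a mapping before anything is installed. The device names, object names, addresses and the `$(name)` placeholder syntax are assumptions constructed for this sketch.

```python
import re

VAR = re.compile(r"\$\((\w+)\)")  # assumed placeholder syntax for this sketch

# Constructed sample data: per-device metadata variable values.
DEVICES = {"fgt-paris": {"site_id": "11"}, "fgt-lyon": {"site_id": "12"},
           "fgt-nice": {"site_id": "13"}}
# Shared objects: "value" may embed a variable; "per_device" is a dynamic mapping.
OBJECTS = {
    "LAN_NET": {"value": "10.$(site_id).0.0/24"},
    "GUEST_NET": {"value": "172.16.$(site_id).0/24"},
    "SITE_HOURS": {"per_device": {"fgt-paris": "08:00-18:00",
                                  "fgt-lyon": "07:00-19:00"}},
}
# One policy package for every site; install_on=None means all devices.
PACKAGE = [
    {"id": 1, "src": "LAN_NET", "schedule": "always", "install_on": None},
    {"id": 2, "src": "LAN_NET", "schedule": "SITE_HOURS", "install_on": None},
    {"id": 3, "src": "GUEST_NET", "schedule": "always",
     "install_on": {"fgt-paris", "fgt-lyon"}},
]

def resolve(name, device):
    """Return the value an object name takes on one device."""
    obj = OBJECTS.get(name)
    if obj is None:                      # built-in such as "always"
        return name
    value = obj.get("per_device", {}).get(device, obj.get("value"))
    if value is None:
        raise LookupError(f"{name} has no mapping for {device}")
    return VAR.sub(lambda m: DEVICES[device][m.group(1)], value)

def effective_rules(device):
    """Rules that would land on a device, plus mapping gaps found."""
    rules, gaps = [], []
    for rule in PACKAGE:
        if rule["install_on"] is not None and device not in rule["install_on"]:
            continue
        try:
            rules.append({"id": rule["id"],
                          "src": resolve(rule["src"], device),
                          "schedule": resolve(rule["schedule"], device)})
        except LookupError as exc:
            gaps.append(f"rule {rule['id']}: {exc}")
    return rules, gaps

if __name__ == "__main__":
    for dev in DEVICES:
        print(dev, *effective_rules(dev), sep="\n  ")
```

In this constructed data, `fgt-nice` has no `SITE_HOURS` mapping, so rule 2 is reported as a gap instead of being applied with an unintended schedule.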
Hi,
I will provide some links about the points mentioned by @Toshi_Esumi:
https://docs.fortinet.com/search?p=fortimanager&q=jinja
https://community.fortinet.com/t5/FortiManager/Technical-Tip-Firewall-objects-use-as-metadata-variab...
https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-use-TCL-script-to-create-static-...
https://community.fortinet.com/t5/FortiManager/Technical-Tip-New-Meta-Variables-and-their-usage-incl...
https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/961974/static-route-templ...
https://docs.fortinet.com/document/fortimanager/6.4.0/examples/786254/configuring-the-static-routes
https://docs.fortinet.com/document/fortimanager/7.0.0/new-features/118769/static-route-template-with...
Best,
Copyright 2024 Fortinet, Inc. All Rights Reserved.