Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ronio
New Contributor

Fortimanager

Hi, everyone,
I have a new FORTIMANAGER organization VM version 6.4.11.
I connected all the FW of the organization to it, I started to IMPORT the policy rules of the machines and I encountered something strange.
A few minutes after performing the IMPORT (that the status is right and ok) the "policy package status" changes to "modified" when for sure no one has made any changes either in the manager or in FORTIGATE itself. Performing import policy repeatedly does not help. Has anyone come across something like this?

Thank you.

2 REPLIES 2
amouawad
Staff
Staff

I think the reason may be because what the policy package in the FMG will be will not match exactly what could be on the FGT once you import it.

 

If you run the install wizard for the policy package and view the changes that will be made I would bet that there will be some deletions that the FMG would want to do on the FGT.

 

The reason is that the FMG imports everything by default (including addresses, VIPs, groups etc). But when it pushes the config to the FGT it will only push the objects that are referenced in something. If for example the FGT has address object address1 configured, but it's not being used anywhere, the FMG will delete it from the FGT at the next push (but it address1 will still be available on the FMG).

 

I'd recommend viewing the changes the FMG wants to make, and if you're happy with them then push it back to the FGT to get them both sync.

 

 

ronio
New Contributor

Hi

I don't want to do "Install".

the situation is that I have many FortiGate that connect to my fortimanager.

I've started to do import policy for 3 of them.

the first Import policy was successful and ok when I've done Import policy for another fortigate both of the fortigate went "modified"... I think that is something with the object, but I don't want that the object on Firewall 1 will be Installed on fortigate 2

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors