Hi everyone, I have a new FortiManager organization VM, version 6.4.11. I connected all the FWs of the organization to it, started to import the policy rules of the machines, and encountered something strange. A few minutes after performing the import (when the status is right and OK), the "policy package status" changes to "modified", when for sure no one has made any changes either in the manager or in the FortiGate itself. Performing import policy repeatedly does not help. Has anyone come across something like this?
I think the reason may be that the policy package in the FMG will not exactly match what is on the FGT once you import it.
If you run the install wizard for the policy package and view the changes that will be made, I would bet that there will be some deletions that the FMG would want to do on the FGT.
The reason is that the FMG imports everything by default (including addresses, VIPs, groups, etc.). But when it pushes the config to the FGT, it will only push the objects that are referenced in something. If, for example, the FGT has address object address1 configured, but it's not being used anywhere, the FMG will delete it from the FGT at the next push (but address1 will still be available on the FMG).
I'd recommend viewing the changes the FMG wants to make, and if you're happy with them, then push it back to the FGT to get them both in sync.
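A way to preview which address objects fall into the "configured but not used anywhere" case described in the reply above, before looking at the install wizard's list of deletions. This is an added example, not part of the thread and not Fortinet code. It assumes a flat FortiGate CLI configuration backup and counts only firewall policies and address groups as references, which is a simplification of what FortiManager actually tracks.

```python
import re
# Constructed FortiGate CLI excerpt (not from the thread); "address1" is unused.
SAMPLE = '''config firewall address
    edit "address1"
        set subnet 10.0.1.0 255.255.255.0
    next
    edit "web-srv"
        set subnet 10.0.2.10 255.255.255.255
    next
end
config firewall addrgrp
    edit "servers"
        set member "web-srv"
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "servers"
    next
end'''

def parse(text):
    """Return {section: {entry: {option: [values]}}}; flat blocks only (assumption)."""
    cfg, section, entry = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[0] == "config":
            section = cfg.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry, section = None, (section if words[0] == "next" else None)
    return cfg

def unreferenced_addresses(text):
    """Addresses reachable from no policy, directly or through address groups."""
    cfg = parse(text)
    used, groups = set(), cfg.get("firewall addrgrp", {})
    todo = [a for p in cfg.get("firewall policy", {}).values()
            for a in p.get("srcaddr", []) + p.get("dstaddr", [])]
    while todo:
        name = todo.pop()
        if name not in used:
            used.add(name)
            todo += groups.get(name, {}).get("member", [])
    return sorted(set(cfg.get("firewall address", {})) - used)
```

Calling `unreferenced_addresses()` on a saved configuration gives a list to compare against the deletions shown in the install preview.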
The situation is that I have many FortiGates that connect to my FortiManager.
I've started to do import policy for 3 of them.
The first import policy was successful and OK; when I did import policy for another FortiGate, both of the FortiGates went "modified"... I think it is something with the objects, but I don't want the objects on firewall 1 to be installed on FortiGate 2.