Hi there.
Anybody can help understanding how to use the global database for webfilter profiles?
I want to have some sort of "repository" in the global database, where I store my different webfilter profiles. Then I'd like to be able to pick/use them in the policy packages in each individual ADOM.
Is this possible? If so, how?
Thanks,
Flavio.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Tested in FMG 6.0.4, 3 ADOM's: root (6.0), test (6.0), Global Database (6.0)
- Create profile in Global Database
- Go to Policy Packages -> Assignment (might need to add it via 'Tools > Display Options')
- Add ADOM -> Status will be 'Pending Changes' (in our case, might be due to Workflow-mode)
- Choose desired assignment, we went for 'Assign ALL Objects'
- Profit from Global Database profiles in all assigned ADOM's
You have to Assign a global policy package. Click on "Assign Selected" and check the "Assign all objects" option to copy profiles to the target ADOMs.
Hi.
This is not working, or at least not like I'd wish it to work.
I would like to only copy the objects (wf profiles, for example). It does not work, unless I create some header and/or footer policies which use the objects I want to have in the ADOMs.
Or do you know a trick to achieve my goal without those annoying footer/header policies?
Also: when a global object is pushed into an ADOM, it is editable in that ADOM - which is completely agains the concept of using global objects!
I think that to do what you need you have to use mapping objects.
regards
gabyrossi wrote:Hi Gaby. Can you explain?I think that to do what you need you have to use mapping objects.
regards
F.
Hi, I misunderstood. To apply UTM profiles in different devices / adom you use footer / header policies. And assign it to the ADOM you want If I find another way, I'll comment again.
The Fortimanager guide says very briefly:
The global ADOM layer contains two key pieces: the global object database and all header and footer policies. Header and footer policies are used to envelop policies within each individual ADOM. These are typically invisible to users and devices in the ADOM layer. An example of where this would be used is in a carrier environment, where the carrier would allow customer traffic to pass through their network but would not allow the customer to have access to the carrier’s network assets.
Hi Gaby - thanks.
This is exactly what I do not want - having to use policies to just inject global ADOM objects into all other ADOMs... and in FMG 6.2 this is also not (yet) implemented! :(
F.
Tested in FMG 6.0.4, 3 ADOM's: root (6.0), test (6.0), Global Database (6.0)
- Create profile in Global Database
- Go to Policy Packages -> Assignment (might need to add it via 'Tools > Display Options')
- Add ADOM -> Status will be 'Pending Changes' (in our case, might be due to Workflow-mode)
- Choose desired assignment, we went for 'Assign ALL Objects'
- Profit from Global Database profiles in all assigned ADOM's
rowan.kaag wrote:Hi Rowan - thanks, you're right! I've tested it with FMG 6.0.5 and it works indeed!Tested in FMG 6.0.4, 3 ADOM's: root (6.0), test (6.0), Global Database (6.0)
Fortinet TAC has not told me this (and I was already using 6.0.4) :(
I saw this feature presented on FMG 6.2.0 and so I thought it would only be available on the newer FMG version...
Thanks,
Flavio.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.