I'm planning a deployment to migrate stateless router ACLs centrally managed by Ansible to FortiGates/FortiManager. I'm experienced with FortiOS but new to FortiManager and I'm trying to solve a policy management problem. We have multiple sites and we'll have one FortiGate at each site. Each FortiGate will have about 70 rules in common, but most of the sites additionally have between five and a dozen site-specific rules.
To manage this, I'd hoped to be able to layer multiple policy packages accordingly on each FortiGate. For example:
This is trivial with Juniper's Security Director, which allows you to apply as many "group policies" to a firewall as you want and commingle them with device-specific policies. I was expecting similar functionality from FortiManager, but, as I learn the platform, I find that it doesn't really work that way, and you're not supposed to apply multiple policy packages to a single firewall. So how do I do this? I'm only aware of two options:
Am I overlooking a feature? Does anyone have any better ideas?
Ah. There's a hidden feature which provides what I need:
https://docs.fortinet.com/document/fortimanager/7.6.0/administration-guide/17746/using-policy-blocks
Policy blocks allow you to define a group of policies and then apply the group to multiple policy packages and/or install them to select targets.
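As an added example (not code from this thread or from Fortinet), a small Python model of the layering the answer describes: one common block placed first in every site's package, the site's own rules after it, and a check for site rules that an earlier common rule already shadows. The rule fields, site names and rule sets are constructed samples.

```python
# Added example: model a shared policy block prepended to per-site packages
# and flag site rules that a common rule already shadows. All rules and
# site names below are constructed samples, not production policy.
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # "any" or a named address object
    dst: str       # "any" or a named address object
    service: str   # "ALL" or a named service object
    action: str    # "accept" or "deny"

# Hypothetical common block applied to every site's package.
COMMON_BLOCK: List[Rule] = [
    Rule("allow-mgmt", "mgmt-net", "any", "HTTPS", "accept"),
    Rule("deny-smb-in", "any", "any", "SMB", "deny"),
]

# Hypothetical site-specific rules appended after the common block.
SITE_RULES: Dict[str, List[Rule]] = {
    "site-a": [Rule("site-a-erp", "site-a-lan", "erp-server", "HTTPS", "accept")],
    "site-b": [Rule("site-b-smb", "site-b-lan", "file-server", "SMB", "accept")],
}

IMPLICIT_DENY = Rule("implicit-deny", "any", "any", "ALL", "deny")

def _covers(broad: str, specific: str) -> bool:
    """True when the broad selector matches everything the specific one does."""
    return broad.lower() in ("any", "all") or broad == specific

def shadowed_by(rule: Rule, earlier: List[Rule]) -> Optional[Rule]:
    """First earlier rule that matches every packet `rule` would match."""
    for e in earlier:
        if (_covers(e.src, rule.src) and _covers(e.dst, rule.dst)
                and _covers(e.service, rule.service)):
            return e
    return None

def build_package(site: str) -> List[Rule]:
    """Common block first, site rules second, implicit deny last (first match wins)."""
    return COMMON_BLOCK + SITE_RULES.get(site, []) + [IMPLICIT_DENY]

def shadow_report(site: str) -> Dict[str, str]:
    """Map each dead site rule to the earlier rule that hides it."""
    pkg = build_package(site)
    report: Dict[str, str] = {}
    for i, r in enumerate(pkg[:-1]):          # skip the implicit deny itself
        s = shadowed_by(r, pkg[:i])
        if s is not None:
            report[r.name] = s.name
    return report
```

For site-b the report shows that `site-b-smb` can never match because the block's `deny-smb-in` precedes it; that is the case to catch before installing the package, by narrowing the common rule or placing the exception ahead of the block.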
Copyright 2024 Fortinet, Inc. All Rights Reserved.