I recently joined a company using Fortinet firewalls of varying sizes in many far-flung places.
A new site needs to be set up and I needed to practice setting things up remotely.
It seems that FortiManager is just being used to back up configs and changes are being done directly on the firewall. When I inquired why this was, I was told that FortiManager was a PITA!
Having played around with this for a few days now I have to concur.
Currently I've given up on pushing FortiOS 5.2.6 from a 5.2 ADOM to my test 60D, as the FortiManager constantly tries to push Wireless config, which fails and generates warnings even though the required config does seem to go OK. We are not using Wireless at all, for info.
So I created a 5.0 ADOM, which doesn't seem to have this problem. I may have deleted the default AP profiles; it's becoming a blur.
So I need to copy over the policy; cut and paste between ADOMs is not allowed!! The policy is still on the firewall as well, but I cannot import it. I find this very poor.
Any advice other than use Meraki?
FortiManager: v5.0.9-build0345 141022 (GA)
Currently FortiManager is trying to push this config:
config firewall service custom
edit "ALL"
set protocol-number 0
next
end
I've tried this manually and it seems to go on without complaint, but still my installs all have warnings and FortiManager is trying to resend with every policy or config push.
I'm testing to a 60D running FortiGate 5.0.12,build0318 (GA) and the FortiManager is constantly trying to push this config which doesn't need to be touched. This gives failed install messages and warning config pushes, nothing I can pass to the support guys.
---> generating verification report
(vdom root: firewall service custom "ALL":protocol-number)
remote original:
to be installed: 0
<--- done generating verification report
------- Start to retry --------
cnxfw $ config firewall service custom
cnxfw (custom) $ edit "ALL"
cnxfw (ALL) $ set protocol-number 0
cnxfw (ALL) $ next
cnxfw (custom) $ end
---> generating verification report
(vdom root: firewall service custom "ALL":protocol-number)
remote original:
to be installed: 0
<--- done generating verification report