Hello,
Last week i posted a question similar to the one i am about to ask, but i believe i may have asked it in the wrong way. So here is the question posed in a more open ended way, asking for some direction.
I am new to Fortinet, having just moved our company from Cisco ASAs with Firepower to approximately 30 Fortigates, mostly models 40F, but a few of our bigger sites are using 60F and 81F. Currently running Fortimanager Cloud, firmware version 7.2.6, build 1575.
We are now using FortiManager Cloud Central Management & Orchestration, v7.4.1-build4261 230914 (GA) and need to learn how to re-create the global policies that we used to apply using Cisco Firepower, now using FortiManager.
Policy-wise, the 40F's are configured almost all the same, except for an extra interface or Virtual IP or two.
The other sites have a bit more going on, hosting many more virtual IPs, using policy routes, etc.
There are some policies we would like to apply globally, where we can make the change in one place and it would apply to all of the devices in a group. The main example would be to have a policy rule to completely block a constantly changing list of countries from ever accessing our systems.
We would want this policy to have priority over any rules already existing on an individual offices policies.
I was under the impression i needed to enable and create ADOMs to do this but it appears you cannot even use ADOMs with the cloud version, because i asked support a question about it and this is the response i received:
"Hello Jesse,
These options are not available when using FortiManager Cloud.
https://docs.fortinet.com/document/fortimanager-cloud/7.4.1/release-notes/865961/limitations-of-fort...
To use ADOMs and global policies, you would need to purchase a FortiManager VM or appliance."
So is there another kind of policy/method that we can achieve what i described above with when it comes to FortiManager Cloud, so i can read the appropriate documentation?
Thanks for your help!
Jesse
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can set multiple installation targets for a policy package. This way, you can set your fleet of 40Fs as installation targets for a single policy package. Once a change is made to the policy package, the change will be installed to all the installation targets accordingly.
Hi @jrobetoy ,
Review also the policy blocks.
https://docs.fortinet.com/document/fortimanager/7.4.0/administration-guide/17746/using-policy-blocks
Best,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.