Hello, I am unable to import firewall policies to FMG.
In the FMG I have a “never installed” raining and it’s fine, but when I import policies from the FGT I keep getting this:
import objs: dev(xxxx-FW),vdom(root),adom(xxx),package(xxxxx_root) Failed to commit changes (command(set firewall policy.8:dstaddr xx.xx.xx.xx "*.xxx.com") detail(datasrc invalid. object: firewall policy dstaddr. detail: GOOGLE. solution: data cannot be used. reason: invalid value - prop[dstaddr]: Address group cannot contains wildcard-fqdn type address))
In the firewall there are NO wildcard-FQDN addresses in the whole firewall!!!!! The policy is working and it is making traffic, it just can’t be imported.

> Address group cannot contains wildcard-fqdn type address))

I would inspect the policyid#8 and triple check. The error looks clearly like something has a wildcard entry and the dst addr value.
PCNSE
NSE
StrongSwan
Hello,
I know the problem lies there, but there is NO wildcard FQDN address in the whole firewall.
Going to firewall -> Address list and scrolling down, there is NO FQDN address list.
It seems Fortiguard, during the import, is importing another Address Object that lies elsewhere, not in the firewall itself.
Hey,
What is the version of your FMG, FGT, and ADOM in question?
Cheers
Hello :)
All of them are 5.6.2.
Anyway, I have solved it by removing the FGT from FMG and re-adding it :)
Copyright 2024 Fortinet, Inc. All Rights Reserved.