- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to Import Policies
Hello, I am unable to import firewall policies to FMG.
In the FMG I have a “never installed “ raining and it’s fine, but when I import Policies from the FGT I keep getting this:
import objs: dev(xxxx-FW),vdom(root),adom(xxx),package(xxxxx_root) Failed to commit changes (command(set firewall policy.8:dstaddr xx.xx.xx.xx "*.xxx.com") detail(datasrc invalid. object: firewall policy dstaddr. detail: GOOGLE. solution: data cannot be used. reason: invalid value - prop[dstaddr]: Address group cannot contains wildcard-fqdn type address))
In the firewall there are NO wildcard-FQDN addresses in the whole firewall!!!!! The policy is working and it is making traffic, it’s just can’t be imported
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Address group cannot contains wildcard-fqdn type address))I would inspect the policyid#8 and triple check the error looks clearly like something has a wildcard entry and the dst addr value
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I know the problem lies there, but there is NO wildcards FQDN Address in the whole firewall.
Going to firewall -> Address list and scrolling down, there is NO FQDN address list.
IT seems Fortiguard, during the import, is importing another Address Object that lies elsewhere not in the firewall itself
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
What is the Version of your FMG , FGT , and ADOM in question?
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello :)
all of them are 5.6.2
Anyway, I have solved removing the FGT from FMG and readding it :)