Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ss198939
New Contributor

Fortimanager- Push to device- Partial Install enable- not working

Hi Dear, i have enabled partial install via CLI. as per below link. but now also i am not able to push any newly created object. like i have created new LDAP object and i want that should go to the firewall which i have added by per device mapping. i am getting error there is not install device. http://help.fortinet.com/...00_Push%20an%20object.

11 REPLIES 11
chall_FTNT
Staff
Staff

Any object you wish to install with partial install must be referenced in the policy package associated with that device.  If that is the case and you still get an error, can you provide the exact syntax of your error?

Chris Hall
Fortinet Technical Support
chall_FTNT

For more information, see Push to Device

 

Chris Hall
Fortinet Technical Support
ss198939

chall_FTNT thanks for quick answer. it was never expected that much quick response.

what i understood is :- if i am creating any object then i need to call that object in policy. otherwise it will show the same error.

 

so what is the use of partial install. because earlier also i have to call the newly created object in policy then it got reflected in firewall.

chall_FTNT

One of the benefits of partial-install is the ability to push an object to many devices even if those devices do not all share the same policy package.  The feature was first added for customers who wanted to push modified URL lists quickly to a large # of managed FortiGates.

Chris Hall
Fortinet Technical Support
ss198939

Then what is the purpose of per device mapping. When creating object. I am not sure but I think this also serve same kind of purpose. Thanks for the above response.
chall_FTNT

Per device mapping is needed if the value of the ADOM object is going to be different on a particular device than the default value.

Chris Hall
Fortinet Technical Support
ss198939

My requirement is that i have created ldap server. Now i only want it to be used for fortigate authentication. I want to add user with ldap option. But i don't want to create any policy because my motive is not user authentication for internet access. I want 3 user to be in a restricted group for loging to firewall. And 1 in superadmin right. For this k have created group in ad. Now i want to create ldap admin account. And push to fortigate
chall_FTNT

For some objects, the requirement for the object to be referenced in a policy package is waived for regular policy package installs.  Remote servers are one such example.  However, the remote server must still be referenced by an admin user.

 

The exception may not apply to partial install.

Chris Hall
Fortinet Technical Support
chall_FTNT

For a comment regarding this exception to the rule of requiring direct references during policy package install, see this page in the FortiManager online guide:

Install a policy package

 

The list of exceptions is not exhaustive however & so does not mention LDAP server specifically.

 

Chris Hall
Fortinet Technical Support