jrobetoy
New Contributor

Request for help getting started with global ADOM policies using FortiManager

Good Morning!

 

I am new to Fortinet, having just moved our company from Cisco ASAs with Firepower to approximately 30 FortiGates, mostly models 40F, but a few of our bigger sites are using 60F and 81F. Currently running firmware version 7.2.6, build 1575.

 

We are now using FortiManager Cloud Central Management & Orchestration, v7.4.1-build4261 230914 (GA) and need to learn how to re-create the global policies that we used to apply using Cisco Firepower, now using FortiManager.

 

Policy-wise, the 40F's are configured almost all the same, except for an extra interface or Virtual IP or two.
The other sites have a bit more going on, hosting many more virtual IPs, using policy routes, etc.

 

There are some policies we would like to apply globally, where we can make the change in one place and it would apply to all of the devices in a group. The main example would be to have a policy rule to completely block a constantly changing list of countries from ever accessing our systems.


We would want this policy to have priority over any rules already existing in an individual office's policies.

 

Again, I am completely new to Fortinet, so at this point I am starting with the basics and feel like I need to fully understand the global ADOM layer first as a good starting point: https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/910786/global-adom-layer

 

But would someone be able to help by suggesting any good supplementary documentation/videos that have the steps or examples one would take to achieve this? And also anything I will need to watch out for? Any advice in general to get me started on the right foot would be appreciated.

 

Thank You,

Jesse

 

 

 

1 Solution
Renante_Era
Staff

Hello Jesse,

 

Try to see if you have access to FCP - FortiManager 7.2 Self-Paced

1. Open training.fortinet.com

2. Click Login, then Public.

3. Click Sign Up


4. Browse to Library>FCP Network Security

Note:

* Access to FMG training is available based on my test using a regular Outlook email.

* If you want to learn more about FGT -- FCP - FortiGate Security 7.2, and FortiGate Infrastructure 7.2


2 REPLIES 2
jrobetoy

Thank you! I'm in and was able to enroll.
