Policy and Objects – FortiManager 5.2

Lock an ADOM

If workspace is enabled, you must lock an ADOM prior to performing any management tasks on it. See Lock an ADOM or policy package for instructions.

Create a new object

Objects can be created as global objects, or for specific ADOMs.

To create a new object:

  1. Select the specific ADOM in which you are creating the object from the drop-down list in the toolbar, or select Global to create a global object. The objects list is displayed in the lower frame.
  2. Select the object type that you will be creating. For example, view the firewall addresses by going to Firewall Objects > Address.

The firewall address list is displayed in the content pane. The available address or address group lists are selectable on the content pane toolbar.

Firewall objects

  3. To create a new firewall address, select Create New, then select the type of address from the drop-down list. In this example, Address was selected. The New Address dialog window will open.

Create new firewall address object

Enter the required information, depending on the object selected, and then select OK to create the new object.

Map a dynamic object

The devices and VDOMs to which a global object is mapped can also be viewed from the object list. In v5.2 or later, you can add an object to groups and enable dynamic mapping. These options are not available for all objects.

When the Dynamic Mapping option is available, select Create New to configure the dynamic mapping.

Dynamic mapping
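
Added example, not part of the original guide and not Fortinet's own tooling: dynamic mapping lets one ADOM-level object take a different value on each device, so before bringing several firewalls into one ADOM it helps to know which same-named address objects actually differ. This Python script parses the `config firewall address` section of FortiOS configuration backups and lists only the names whose definitions conflict. The device names, addresses and uuid values are constructed sample data, and ignoring the `uuid` setting is an assumption made for this comparison.

```python
import shlex
from collections import defaultdict

# Constructed FortiOS config excerpts (hypothetical device names and values).
FW1 = '''config firewall address
    edit "LAN"
        set subnet 10.1.0.0 255.255.255.0
    next
    edit "DNS-Server"
        set uuid 00000000-0000-0000-0000-000000000001
        set subnet 192.0.2.53 255.255.255.255
    next
end'''
FW2 = FW1.replace("10.1.0.0", "10.2.0.0").replace("0001", "0002")
SAMPLE_CONFIGS = {"branch-fw1": FW1, "branch-fw2": FW2}
IGNORED = {"uuid"}  # differs per device even when the object is otherwise identical

def parse_addresses(config_text):
    """Return {object name: {setting: value}} for 'config firewall address'."""
    objects, depth, name = {}, 0, None
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            # depth 1 is the address table itself; deeper levels are nested tables
            if depth or tok[1:] == ["firewall", "address"]:
                depth += 1
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            name = tok[1]
            objects[name] = {}
        elif depth == 1 and tok[0] == "set" and name and len(tok) > 2:
            if tok[1] not in IGNORED:
                objects[name][tok[1]] = " ".join(tok[2:])
    return objects

def conflicting_objects(configs):
    """Objects that share a name across devices but differ in definition."""
    seen = defaultdict(dict)
    for device, text in configs.items():
        for name, settings in parse_addresses(text).items():
            seen[name][device] = settings
    return {name: devs for name, devs in seen.items()
            if len({tuple(sorted(s.items())) for s in devs.values()}) > 1}

if __name__ == "__main__":
    for name, devs in conflicting_objects(SAMPLE_CONFIGS).items():
        print(name, devs)
```

Only the names it reports need a per-device mapping; objects that are identical on every device can be shared as ordinary ADOM objects.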

Remove an object

To remove an object, browse to the object’s location in the object tree menu, select the object in the object list, and either click on the Delete button, or right-click on the object name and select Delete from the menu.

Edit an object

After editing an object in the object database, the changes are immediately reflected within the policy table in the Web-based Manager; no copying to the database is required.

To edit an object:

  1. Browse to the location of the object that you want to edit in the object tree menu.
  2. From the object list in the lower content pane, do one of the following:
     - Double-click on the name of the object to be edited.
     - Right-click on the name of the object to be edited and select Edit from the menu.
  3. Edit the information as required, and select OK.

Clone an object

If a new object that you are creating is similar to a previously created object, the new object can be created by cloning the previous object.

To clone an object:

  1. Browse to the location of the object that is to be cloned in the object tree menu.
  2. Right-click on the object or group and select Clone from the menu. The Edit dialog box opens.
  3. Adjust the information as required, and then select OK to create the new object.
  4. Browse to the location of the object in the object tree menu or policy.
  5. Right-click on the object or group and select Where Used from the menu.

Search objects

The search objects tool allows you to search objects based on keywords.

To dynamically search objects:

  1. Browse to the object type that you would like to search in the object tree menu.
  2. In the search box on the right side of the lower content frame toolbar, type a search keyword. The results of the search are updated as you type and displayed in the object list.

Drag and drop objects

Objects can be dragged and dropped from the object frame, or from other policies, into specific cells of a given policy.

For example, an address object can be dragged into the source or destination cells of a policy.

One or more objects can be dragged at the same time. When dragging a single object, a box beside the pointer will display the name of the object being dragged. When dragging multiple objects, the box beside the pointer will show a count of the number of objects that are being dragged.

The cells or columns that the object or objects can be dropped into will be highlighted in the policy package pane. After dropping the object or objects into a cell or column, the object will immediately appear in the cell as part of the policy, or in all the cells of that column.

CLI-Only objects

FortiManager v5.2.0 or later adds the ability to configure, in the Web-based Manager, objects that are otherwise only configurable via the FortiOS command line interface.

CLI only objects example


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

9 thoughts on “Policy and Objects – FortiManager 5.2”

  1. Richard Lopez

    Question about ADOMs. In previous versions of FortiOS 4.3 maybe earlier. When you had multiple devices under an ADOM the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping and my policies and objects seem to be cross contaminated between devices. What is your perspective on this and/or work around? Thank you in advance – Richard

    1. Mike Post author

      I always keep my devices separated by Firmware version. ADOM 4.3 ADOM 5.2 ADOM 5.4 etc to keep things nice and neat.

  2. simbhu

    I have an issue for deleting the V4.2 ADOMs from FMG V5.2 getting the below error.

    Some ADOM(s) were not deleted successfully because they are not empty

    But those ADOMs are not used anywhere. How to find out where it is used?

    No admin accounts having access to the ADOM, No policy package for the ADOM.

    1. Mike Post author

      Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.

  3. Thierry

    Hi Mike,

    We use FortiManager v5.4.1-build1082 160629 (GA) FMG-VM64 but we can't drag and drop within the rule base. (Drag and drop from the object side pane does work.) I have seen an instruction video where they lock the ADOM, but that feature is also nonexistent in our GUI.

    Do you have any idea what this could be? I did not see any issues on this subject on the Fortinet site. We have upgraded from an older version of FM.

    Kind regards, and thanks for this great support site, I look here first!

      1. Thierry

        Not sure (I was not involved and there is no change history), but I did find this in the “alert message console”:

        Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629

  4. linaab

    Hello,

    HELP!! We have multiple firewalls we would like to upload on our FortiManager in the same ADOM.

    The problem is that some objects have the same names but different IP addresses. I read that the only solution is mapping the objects. If we do so we will have to do it manually on every object (more than ~200), which is not an option for me. Can you please help me with this problem?

