To lock a policy package:
- Select the specific ADOM on which you will be making changes from the drop-down list in the toolbar, or select Global.
- Select the policy package, click the right mouse button, and select Lock & Edit from the menu.
The policy package will now be locked, allowing you to make changes to it, and preventing other administrators from making any changes, unless lock override is enabled (see Extend workspace to entire ADOM).
When the policy package is locked, other users are unable to lock the ADOM. The policy package can be edited in a private workspace. Only the policy package is in the workspace, not the object database. When locking and editing a policy package, the object database remains locked. The policy package lock status is displayed in the toolbar.
Create a new policy package or folder
To create a new policy folder:
- Select the specific ADOM in which you are creating the policy folder from the drop-down list in the toolbar, or select Global to create a folder for global policy packages.
- Select a policy package and click the right mouse button on a policy package to access the menu. Alternatively, select the Policy Package menu in the toolbar.
- Under the Policy Folder heading in the menu, select Create New.
- Type a name for the new policy folder in the dialog box and then select OK. The new policy folder will be added to the tree menu.
To create a new global policy package:
- Select Global in the toolbar.
- Select a policy package and click the right mouse button on a policy package to access the menu. Alternatively, select the Policy Package menu in the toolbar.
- Under the Global Policy Package heading in the menu, select Create New.
- Type a name for the new global policy package in the dialog box. If you are cloning a previous policy package, select Clone Policy Package and type the name of the policy package you would like to clone in the resulting text field.
- Select OK to add the policy package.
To create a new policy package:
- Select the specific ADOM in which you are creating the policy package from the drop-down list in the toolbar.
- Right-click on a policy package or folder in the Policy Package Alternatively, select the Policy Package menu in the toolbar.
- Under the Policy Package heading in the menu, select Create New. The Create New Policy Package dialog box opens.
Create new policy package
- Configure the following settings:
| Name | Type a name for the new policy package |
| Clone Policy Package | If you are cloning a previous policy package, select Clone Policy Package and select the policy package you would like to clone from the list. |
- Select OK to add the policy package.
- Select Installation in the Policy Package tab bar and select Add in the toolbar. The Add Device/Group to Policy Package Installation Target window opens.
Installation targets
- Select the devices or groups for the policy package.
- Select OK to save the setting.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Question about ADOMs. In previous versions of FortiOS 4.3 maybe earlier. When you had multiple devices under an ADOM the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping and my policies and objects seem to be cross contaminated between devices. What is your perspective on this and/or work around? Thank you in advance – Richard
I always keep my devices separated by Firmware version. ADOM 4.3 ADOM 5.2 ADOM 5.4 etc to keep things nice and neat.
I have an issue for deleting the V4.2 ADOMs from FMG V5.2 getting the below error.
Some ADOM(s) were not deleted successfully because they are not empty
But those ADOMs are not used anywhere. How to find out where it is used?
No admin accounts having access to the ADOM, No policy package for the ADOM.
Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.
Is there any possibilities to find out the references for that ADOM on the FMG.
Hi Mike,
We use fortimanager v5.4.1-build1082 160629 (GA) FMG-VM64 but we cant drag and drop within the rule base. (drag en drop from the object side plain does work) I have seen a instruction video were they lock the adom but also that future is non exsistent in our GUI.
You have any idea what this could be ? I did not see any issues on this subject on the fortinet site. We have upgraded from a older version FM.
kind regards and thanks for this great support site, i look here first!
Did you follow the supported upgrade path when you moved your FortiManager up through the code?
Not sure ( I was not involved and there is no change history) but i did found this in the “alert message console”
Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629
Hello,
HELP !! we have multiple firewalls we would like to upload on our Fortimanager in the same ADOM.
The problem is that some objects have the same names but different IPs adresses. i read that the only solution is mapping the objects. if we do so we will have to it manually on every object (more than ~200) which is not an option for me. Can you please help me with this problem ?