To edit a policy action:
- Select desired policy tab in the policy toolbar.
- Select the policy in the table, then right-click the Action
- Select either Accept or Deny in the menu.
To edit policy security profiles:
- Select desired policy tab in the policy toolbar.
- Select the policy in the table and right-click the Profile
Profile right-click menu
- When you select each security profile option in the right-click menu, you can select the profile object.
To edit policy logging:
- Select desired policy tab in the policy toolbar.
- Select the policy in the table and right-click the Log
- You can select to disable logging, log all security events, or log all session in the menu.
Column options
For many of the policy tabs you can right-click the column header to access the column setting and column filters options. The columns and columns filters available are dependent on the tab and the ADOM firmware version.
Sequence number column options
To change the policy order by sequence number, you can left-click and drag-and-drop the policy.
Right-click in the Seq.# column to access the right-click menu. The following options are available:
Create New | Select to create a new policy. |
Insert Policy | Select to insert a policy above or below the policy selected. |
Edit | Select to edit the selected policy. The Edit Policy window opens. Make the required changes then select OK to save the changes. |
Delete | Select to delete the policy selected. Select OK in the confirmation dialog box to continue. |
Clone | Select to clone the selected policy. The Clone Policy window opens. Make the required changes then select OK to save the cloned policy. |
Copy | Select to copy the policy selected. |
Cut | Select to cut the policy selected. |
Paste | Select to paste the selected policy. Select the location where you want to paste the policy then select to paste above or below the policy. |
Cancel Copy/Cut | Select to cancel a copy or cut action. |
Add Section | Select to add a section above or below the policy selected. |
Enable | Select to enable the policy selected. |
Disable | Select to disable the policy selected. |
Question about ADOMs. In previous versions of FortiOS 4.3 maybe earlier. When you had multiple devices under an ADOM the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping and my policies and objects seem to be cross contaminated between devices. What is your perspective on this and/or work around? Thank you in advance – Richard
I always keep my devices separated by Firmware version. ADOM 4.3 ADOM 5.2 ADOM 5.4 etc to keep things nice and neat.
I have an issue for deleting the V4.2 ADOMs from FMG V5.2 getting the below error.
Some ADOM(s) were not deleted successfully because they are not empty
But those ADOMs are not used anywhere. How to find out where it is used?
No admin accounts having access to the ADOM, No policy package for the ADOM.
Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.
Is there any possibilities to find out the references for that ADOM on the FMG.
Hi Mike,
We use fortimanager v5.4.1-build1082 160629 (GA) FMG-VM64 but we cant drag and drop within the rule base. (drag en drop from the object side plain does work) I have seen a instruction video were they lock the adom but also that future is non exsistent in our GUI.
You have any idea what this could be ? I did not see any issues on this subject on the fortinet site. We have upgraded from a older version FM.
kind regards and thanks for this great support site, i look here first!
Did you follow the supported upgrade path when you moved your FortiManager up through the code?
Not sure ( I was not involved and there is no change history) but i did found this in the “alert message console”
Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629
Hello,
HELP !! we have multiple firewalls we would like to upload on our Fortimanager in the same ADOM.
The problem is that some objects have the same names but different IPs adresses. i read that the only solution is mapping the objects. if we do so we will have to it manually on every object (more than ~200) which is not an option for me. Can you please help me with this problem ?