Details page
You can select to download this information as a CSV file to your management computer.
Select Close to return to the Policy & Objects page.
Managing objects and dynamic objects
All objects within an ADOM are managed by a single database unique to that ADOM. Objects inside that database can include items such as addresses, services, intrusion protection definitions, antivirus signatures, web filtering profiles, etc.
Many objects now include the option to enable dynamic mapping. You can create new dynamic maps. When this feature is enabled, a table is displayed which lists the dynamic mapping information. You can also select to add the object to groups, when available, and add tags.
When making changes to an object within the object database, changes are reflected immediately within the policy table in the Web-based Manager; no copying to the database is required.
Dynamic objects are used to map a single logical object to a unique definition per device. Addresses, interfaces, virtual IPs, and an IP pool can all be addressed dynamically.
Objects and dynamic objects are managed in the lower frame of the Policy & Objects tab. The available objects vary depending on the specific ADOM selected.
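The per-device mapping idea described above can be planned offline before devices are added to one ADOM. The following is an added example, not Fortinet code and not part of the original page: it reads `config firewall address` blocks in FortiOS CLI syntax and separates objects that have a single definition from those that need a per-device mapping. The device names and sample configuration are constructed, and only subnet-type addresses are parsed.

```python
import re
from collections import defaultdict

# Constructed sample input in FortiOS CLI syntax; device names are hypothetical.
TEMPLATE = """config firewall address
    edit "LAN_NET"
        set subnet {lan}
    next
    edit "DNS_SERVER"
        set subnet 192.0.2.53 255.255.255.255
    next
end
"""
SAMPLE_CONFIGS = {"branch-fw-01": TEMPLATE.format(lan="10.1.0.0 255.255.255.0"),
                  "branch-fw-02": TEMPLATE.format(lan="10.2.0.0 255.255.255.0")}

def parse_addresses(config_text):
    """Return {name: subnet} for subnet-type objects in 'config firewall address'."""
    addresses, name, depth = {}, None, 0
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config firewall address" else 0
        elif line.startswith("config "):
            depth += 1  # nested table inside an object; its settings are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            name = m.group(1)
        elif depth == 1 and name and line.startswith("set subnet "):
            addresses[name] = line[len("set subnet "):]
    return addresses

def plan_dynamic_mappings(configs):
    """Return (shared, per_device): objects with one definition vs. conflicting ones."""
    seen = defaultdict(dict)
    for device, text in configs.items():
        for name, subnet in parse_addresses(text).items():
            seen[name][device] = subnet
    shared = {n: next(iter(d.values())) for n, d in seen.items() if len(set(d.values())) == 1}
    per_device = {n: d for n, d in seen.items() if len(set(d.values())) > 1}
    return shared, per_device

if __name__ == "__main__":
    shared, per_device = plan_dynamic_mappings(SAMPLE_CONFIGS)
    for name, mapping in per_device.items():
        for device, subnet in mapping.items():
            print(f"{name}: map {device} -> {subnet}")
```

Objects returned in `per_device` are the ones where a single shared definition would point at the wrong network on at least one device.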
Objects
Objects can be dragged and dropped from the object frame into specific cells of a given policy. For example, an address object can be dragged into the source or destination cells of a policy. For more information see Drag and drop objects.
To view more information about an object in a policy, hover the pointer over the cell that contains that object. After one second, a tool tip will appear giving information about the object or objects in that cell.
FortiManager objects are defined either per ADOM or at a global level. In the Policy & Objects tab, either select the ADOM from the drop-down list or select Global. Objects are displayed in the content pane.
Objects and global objects
Objects Type | Available Objects | Level |
Interface | Interface: Create a new interface and enable zones. Dynamic Mapping option. | ADOM and Global |
Firewall Objects | Address: Create a new Address, Address Group, IPv6 Address, or IPv6 Address Group. You can select to add the object to groups and enable dynamic mapping. When enabling dynamic mapping, select Create New to edit the mapped device, and map to address. | ADOM and Global |
Firewall Objects | Service: Create a new Service (Firewall or Explicit Proxy) or Service Group. You can select to add the object to groups. | ADOM and Global |
Firewall Objects | Schedule: Create a new Recurring Schedule, Onetime Schedule, or Schedule Group. You can select to add the object to groups. | ADOM and Global |
Firewall Objects | Traffic Shaper: Create a new Shared Shaper or Per-IP Shaper. | ADOM and Global |
Firewall Objects | Virtual IP: Create a new IPv4 Virtual IP, IPv6 Virtual IP, NAT64 Virtual IP, NAT46 Virtual IP, IPv4 VIP Group, IPv6 VIP Group, NAT64 VIP Group, NAT46 VIP Group, IP Pool, or IPv6 IP Pool. You can select to add the object to groups and enable dynamic mapping. When enabling dynamic mapping, select Create New to edit the mapped device, and map to address. | ADOM and Global |
Firewall Objects | Load Balance: Virtual Server, Real Server, Health Check Monitor. | Load Balance is available at the ADOM level only. |
Firewall Objects | Web Proxy Forwarding Server: Create a new Web Proxy Forwarding Server. | ADOM and Global |
Security Profiles | AntiVirus Profile | ADOM and Global |
Security Profiles | Web Filter Profile | ADOM and Global |
Security Profiles | Application Sensor | ADOM and Global |
Security Profiles | IPS Sensor | ADOM and Global |
Security Profiles | Email Filter Profile | ADOM and Global |
Security Profiles | Data Leak Prevention Sensor | ADOM and Global |
Security Profiles | VoIP Profile | ADOM and Global |
Security Profiles | ICAP Profile | ADOM and Global |
Security Profiles | MMS Profile: Create a new MMS Profile. (FortiCarrier only) | ADOM and Global |
Security Profiles | GTP Profile: Create a new GTP Profile. (FortiCarrier only) | ADOM and Global |
Security Profiles | Advanced | ADOM and Global |
Security Profiles | Application List: Create a Custom Application Signature. | ADOM and Global |
Security Profiles | Web Content Filter | ADOM and Global |
Security Profiles | Web URL Filter | ADOM and Global |
Security Profiles | Local Category | ADOM and Global |
Security Profiles | Rating Overrides: Create a New Local Rating. | ADOM and Global |
Security Profiles | IPS Custom Signature: Create a New Custom Signature. | ADOM and Global |
Security Profiles | Email List | ADOM and Global |
Security Profiles | File Filter | ADOM and Global |
Security Profiles | Detection List | ADOM and Global |
Security Profiles | ICAP Server: Create a New ICAP Server. | ADOM and Global |
Security Profiles | Proxy Options: Create new Proxy Options. | ADOM and Global |
Security Profiles | SSL/SSH Inspection: Create New Deep Inspection Options. | ADOM and Global |
Security Profiles | Profile Group: Create a new Profile Group. | ADOM and Global |
Security Profiles | SSL VPN Portal: Create a new SSL VPN Portal. | ADOM and Global |
User & Device | User Definition: Create a New User. You can select to add the object to groups. | ADOM and Global |
User & Device | POP3 User: Create a new POP3 user. | ADOM and Global |
User & Device | User Group: Create a New User Group. Add remote authentication servers. | ADOM and Global |
User & Device | Device: Create a new Device or Device Group. | ADOM and Global |
User & Device | Remote: Create a new LDAP, RADIUS, or TACACS+ Server. Dynamic Mapping option. | ADOM and Global |
User & Device | PKI: Create a New PKI User. | ADOM and Global |
User & Device | SMS Service: Create a new SMS Server. | ADOM and Global |
User & Device | FortiToken: Add a new FortiToken. | ADOM and Global |
User & Device | Single Sign-On: Create a New RADIUS Single Sign-On Agent and Retrieve FSSO Agent. | ADOM and Global |
WAN Opt | Profile: Create a new WAN Optimization Profile. | ADOM and Global |
WAN Opt | Peer: Create a new WAN Optimization Peer. | ADOM and Global |
WAN Opt | Authentication Group: Create a new Authentication Group. | ADOM and Global |
Dynamic Objects | Local Certificate: Create a New Dynamic Local Certificate. | ADOM only |
Dynamic Objects | VPN Tunnel: Create a New Dynamic VPN Tunnel. You can select to enable dynamic mapping. When enabling dynamic mapping, select Create New to edit the mapped device and VPN tunnel. | ADOM only |
CLI-Only Objects | Configure CLI only objects. The available objects are dependent on the ADOM version and device options. | ADOM and Global |
Advanced | Replacement Message Group: Create a new replacement message group. | ADOM and Global |
Advanced | CA Certificate: Import and view CA Certificates. | ADOM only |
Advanced | Tag Management: Create a new Tag. | ADOM and Global |
Advanced | Script: Create or import a new script. | Global only |
Question about ADOMs. In previous versions of FortiOS (4.3, maybe earlier), when you had multiple devices under an ADOM, the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping, and my policies and objects seem to be cross-contaminated between devices. What is your perspective on this and/or workaround? Thank you in advance – Richard
I always keep my devices separated by firmware version (ADOM 4.3, ADOM 5.2, ADOM 5.4, etc.) to keep things nice and neat.
I have an issue deleting the V4.2 ADOMs from FMG V5.2; I am getting the error below.
Some ADOM(s) were not deleted successfully because they are not empty
But those ADOMs are not used anywhere. How to find out where it is used?
No admin accounts have access to the ADOM, and there is no policy package for the ADOM.
Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.
Is there any possibility to find out the references for that ADOM on the FMG?
Hi Mike,
We use FortiManager v5.4.1-build1082 160629 (GA) FMG-VM64, but we can't drag and drop within the rule base (drag and drop from the object side pane does work). I have seen an instruction video where they lock the ADOM, but that feature is also nonexistent in our GUI.
Do you have any idea what this could be? I did not see any issues on this subject on the Fortinet site. We have upgraded from an older version of FM.
Kind regards, and thanks for this great support site; I look here first!
Did you follow the supported upgrade path when you moved your FortiManager up through the code?
Not sure (I was not involved and there is no change history), but I did find this in the "alert message console":
Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629
Hello,
HELP!! We have multiple firewalls we would like to upload on our FortiManager in the same ADOM.
The problem is that some objects have the same names but different IP addresses. I read that the only solution is mapping the objects. If we do so, we will have to do it manually on every object (more than ~200), which is not an option for me. Can you please help me with this problem?