Export a policy package
You can export a policy package to a CSV file.
To export a policy package:
- Select the specific ADOM that contains the policy package you are exporting from the drop-down list in the toolbar.
- Right-click on a policy package or folder in the Policy Package
- Under the Policy Package heading in the menu, select Export.
- If prompted by your web browser, select a location to save the file, or open the file without saving.
Policy packages are exported as CSV files.
Edit the installation targets for a policy package
To edit a policy package’s installation targets:
- Select the ADOM that contains the policy package whose installation target you are editing from the drop-down list in the toolbar.
- Select the name of the policy package from the list, then select the Installation tab in the policy package toolbar.
- Select Add in the toolbar. The Add Installation Target dialog box opens.
Add installation target
- Adjust the installation targets as required, then select OK.
Perform a policy consistency check
The policy check tool allows you to check all policy packages within an ADOM to ensure consistency and eliminate conflicts that may prevent your devices from passing traffic. This allows you to optimize your policy sets and potentially reduce the size of your databases.
The check will verify:
- Object duplication: two objects that have identical definitions
- Object shadowing: a higher priority object completely encompasses another object of the same type
- Object overlap: one object partially overlaps another object of the same type
- Object orphaning: an object has been defined but has not been used anywhere.
The policy check uses an algorithm to evaluate policy objects, based on the following attributes:
- The source and destination interface policy objects
- The source and destination address policy objects
- The service and schedule policy objects.
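The four conditions above can be illustrated offline on a small rule set. The following is an added example, not FortiManager's own algorithm or code: the rule tuple layout, the `relate` and `consistency_check` helpers, and all sample objects are constructed for illustration, with firewall rules standing in for the prioritized objects and a single address object per field.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data: named address objects and an ordered rule list
# (earlier in the list = higher priority). Not taken from any real device.
ADDRESSES = {
    "lan": "10.0.0.0/8",
    "web_srv": "10.1.2.0/24",
    "dmz": "172.16.0.0/16",
    "any": "0.0.0.0/0",
    "old_vpn": "192.168.50.0/24",   # defined but never referenced
}
RULES = [  # (name, srcintf, dstintf, srcaddr, dstaddr, services, schedule)
    ("r1", "port1", "port2", "lan", "any", {"HTTP", "HTTPS", "DNS"}, "always"),
    ("r2", "port1", "port2", "web_srv", "any", {"HTTPS"}, "always"),
    ("r3", "port1", "port2", "lan", "dmz", {"HTTPS", "SSH"}, "always"),
    ("r4", "port1", "port2", "lan", "dmz", {"HTTPS", "SSH"}, "always"),
    ("r5", "port3", "port2", "dmz", "any", {"DNS"}, "always"),
]

def net(name):
    return ip_network(ADDRESSES[name])

def relate(hi, lo):
    """Classify lower-priority rule `lo` against higher-priority rule `hi`."""
    if hi[1:] == lo[1:]:
        return "duplicate"          # identical definitions
    # Different interfaces or schedules can never match the same traffic.
    if (hi[1], hi[2], hi[6]) != (lo[1], lo[2], lo[6]):
        return None
    src_hi, src_lo, dst_hi, dst_lo = net(hi[3]), net(lo[3]), net(hi[4]), net(lo[4])
    if not (src_hi.overlaps(src_lo) and dst_hi.overlaps(dst_lo) and hi[5] & lo[5]):
        return None
    # Shadowed: every packet `lo` could match is already matched by `hi`.
    covered = (src_lo.subnet_of(src_hi) and dst_lo.subnet_of(dst_hi)
               and lo[5] <= hi[5])
    return "shadowed" if covered else "overlap"

def consistency_check(rules=RULES, addresses=ADDRESSES):
    findings = []
    for hi, lo in combinations(rules, 2):   # keeps list (priority) order
        kind = relate(hi, lo)
        if kind:
            findings.append((kind, hi[0], lo[0]))
    used = {a for r in rules for a in (r[3], r[4])}
    findings += [("orphan", name, None) for name in sorted(set(addresses) - used)]
    return findings

if __name__ == "__main__":
    for finding in consistency_check():
        print(finding)
```

In this sample, `r2` is shadowed by `r1` and can never match traffic, while `r4` duplicates `r3`; both are candidates for removal, as is the orphaned `old_vpn` address object.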
To perform a policy check:
- Select the ADOM that you will be performing the consistency check on from the drop-down list in the toolbar.
- Right-click on a policy package or folder in the Policy Package
- Under the Policy Package heading, select Policy Check. The Consistency Check dialog box opens.
Consistency check dialog box
- To perform a new consistency check, select Perform Policy Consistency Check, then select Apply.
A policy consistency check is performed, and the results screen is shown.
Consistency check results window
To view the results of the last policy consistency check:
- Select the ADOM that you previously performed a consistency check in from the drop-down list in the toolbar.
- Right-click on a policy package or folder in the Policy Package
- Under the Policy Package heading in the menu, select Policy Check. The Consistency Check dialog box opens.
- To view the results of the most recent consistency check, select View Last Policy Consistency Check Results, then select Apply.
The Consistency Check window opens, showing the results of the last policy consistency check. See Consistency check results window.
Policy search
Use the search field in the Policy & Objects tab to search policies for matching rules or objects. Entering text in the search field will highlight matches.
Question about ADOMs. In previous versions of FortiOS 4.3 maybe earlier. When you had multiple devices under an ADOM the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping and my policies and objects seem to be cross contaminated between devices. What is your perspective on this and/or work around? Thank you in advance – Richard
I always keep my devices separated by Firmware version. ADOM 4.3 ADOM 5.2 ADOM 5.4 etc to keep things nice and neat.
I have an issue deleting the V4.2 ADOMs from FMG V5.2; I am getting the error below.
Some ADOM(s) were not deleted successfully because they are not empty
But those ADOMs are not used anywhere. How to find out where it is used?
No admin accounts having access to the ADOM, No policy package for the ADOM.
Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.
Is there any possibility to find out the references for that ADOM on the FMG?
Hi Mike,
We use FortiManager v5.4.1-build1082 160629 (GA) FMG-VM64 but we can't drag and drop within the rule base. (Drag and drop from the object side pane does work.) I have seen an instruction video where they lock the ADOM, but that feature is also nonexistent in our GUI.
Do you have any idea what this could be? I did not see any issues on this subject on the Fortinet site. We have upgraded from an older version of FM.
Kind regards and thanks for this great support site, I look here first!
Did you follow the supported upgrade path when you moved your FortiManager up through the code?
Not sure (I was not involved and there is no change history) but I did find this in the “alert message console”:
Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629
Hello,
HELP!! We have multiple firewalls we would like to upload to our FortiManager in the same ADOM.
The problem is that some objects have the same names but different IP addresses. I read that the only solution is mapping the objects. If we do so we will have to do it manually on every object (more than ~200), which is not an option for me. Can you please help me with this problem?