Policy and Objects – FortiManager 5.2

Managing policies

Policies in policy packages can be created and managed by selecting an ADOM from the drop-down list, and then selecting the policy package whose policies you are configuring from the policy package list. Sections can also be added to the policy list to help organize your policies.

The content pane contains tabs for configuring different policy types, targets, and NAT entries. Policy and Installation are enabled by default in Display Options; see Display options for more information.

Policy

Interface policy

Central NAT

IPv6 policy

Explicit proxy poSlicy

IPv6 interface policy

DoS policy

IPv6 DoS policy

NAT46 policy

NAT64 policy

Installation

Various options are also available from column specific right-click menus, for more information see Column options.

If workspace is enabled, you must lock an ADOM or policy package prior to performing any management tasks on it. See Lock an ADOM or policy package for instructions.

For more information about policies, see the FortiOS Handbook, available in the Fortinet Document Library.

Policy creation varies depending on the type of policy that is being created.

Please see the section below that corresponds to the type of policy you are creating for specific instructions on creating that type of policy.

To insert a policy:

Generic policies can be inserted above or below the currently selected policy by right-clicking within the sequence number cell and selecting Insert Policy > Above or Insert Policy > Below from the menu.

To edit a policy:

Policies can be edited by either right-clicking on the policy sequence number in the policy list and selecting Edit in the menu, or by double clicking on the sequence number. Both methods will open the Edit Policy dialog box.

Policies can also be edited in-line by right-clicking on either the cell that is to be edited or on the content within that cell. See

Edit a policy

To clone a policy:

To clone a policy, right-click in the policy sequence number cell and select Clone from the menu. The Clone Policy dialog box opens with all of the settings of the original policy. Edit the settings as required and select OK to create the clone.

To copy, cut, or paste a policy:

Policies can be copied and cut using the requisite selection from the menu found by right-clicking in the policy sequence number cell.

When pasting a copied or cut policy, it can be inserted above or below the currently selected policy.

The menu also provides the option to Cancel Copy/Cut in the event that you need to undo the copy or cut that you just performed.

To delete a policy:

To delete a policy, right-click in the policy sequence number cell and select Delete from the menu. Select OK in the confirmation dialog box to delete the policy.

To add a section:

Sections can be used to help organize your policy list. Policies can also be appended to sections.

To add a section, right-clicking in the sequence number cell and select Add Section > Above or Add Section > Below to add a section either above or below the currently selected policy.

This entry was posted in Administration Guides, FortiManager and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

9 thoughts on “Policy and Objects – FortiManager 5.2

  1. Richard Lopez

    Question about ADOMs. In previous versions of FortiOS 4.3 maybe earlier. When you had multiple devices under an ADOM the policies and objects were clearly separated per device being managed. With the newer FortiOS it seems as though there is overlapping and my policies and objects seem to be cross contaminated between devices. What is your perspective on this and/or work around? Thank you in advance – Richard

    Reply
    1. Mike Post author

      I always keep my devices separated by Firmware version. ADOM 4.3 ADOM 5.2 ADOM 5.4 etc to keep things nice and neat.

      Reply
  2. simbhu

    I have an issue for deleting the V4.2 ADOMs from FMG V5.2 getting the below error.

    Some ADOM(s) were not deleted successfully because they are not empty

    But those ADOMs are not used anywhere. How to find out where it is used?

    No admin accounts having access to the ADOM, No policy package for the ADOM.

    Reply
    1. Mike Post author

      Usually, it experiences this issue because something somewhere is still referencing it. Whether that item be a policy package as you mentioned before or a group etc.

      Reply
  3. Thierry

    Hi Mike,

    We use fortimanager v5.4.1-build1082 160629 (GA) FMG-VM64 but we cant drag and drop within the rule base. (drag en drop from the object side plain does work) I have seen a instruction video were they lock the adom but also that future is non exsistent in our GUI.

    You have any idea what this could be ? I did not see any issues on this subject on the fortinet site. We have upgraded from a older version FM.

    kind regards and thanks for this great support site, i look here first!

    Reply
      1. Thierry

        Not sure ( I was not involved and there is no change history) but i did found this in the “alert message console”

        Upgrade image from v5.2.7-build0757-160408(GA) to v5.4.1-build1082-160629

        Reply
  4. linaab

    Hello,

    HELP !! we have multiple firewalls we would like to upload on our Fortimanager in the same ADOM.

    The problem is that some objects have the same names but different IPs adresses. i read that the only solution is mapping the objects. if we do so we will have to it manually on every object (more than ~200) which is not an option for me. Can you please help me with this problem ?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.