Fortinet black logo

Administration Guide

Firewall Policy & Objects

Firewall Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following tabs are available on the Policy & Objects pane by default:

Policy Packages

Click to display the Policy Packages pane.

Object Configurations

Click to display the Object Configurations pane.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install Wizard

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Object Selector

Open the object selector pane on the bottom or right side of the content pane. This option is not available when dual pane is enabled.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.

Firewall Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following tabs are available on the Policy & Objects pane by default:

Policy Packages

Click to display the Policy Packages pane.

Object Configurations

Click to display the Object Configurations pane.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install Wizard

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Object Selector

Open the object selector pane on the bottom or right side of the content pane. This option is not available when dual pane is enabled.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.