Fortinet black logo

Administration Guide

Policy & Objects

Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following sections are available in the tree menu in Policy & Objects:

Policy Packages

Click to view configured policy packages and folders in the tree menu.

Object Configurations

Click to view configurable objects in the tree menu.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Display Options, or Object Selection Pane.

Create New

Create a new policy. See Creating policies.

Edit

Edit a policy. See Editing policies.

Delete

Delete a policy.

Section

Create a new policy section. You can apply colors to policy sections to help differentiate your different policies in the table. See Managing policies.

Policy Lookup

Perform a policy lookup. See Policy Lookup

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Column Settings

Select which columns are displayed in the policy table.

View Mode

Toggle between the By Sequence and Interface Pair View display modes. See Managing policies.

Tooltip

View Mode is disabled when policy packages include policies using multiple source/destination interfaces (including the "Any" interface) or when policy blocks are used.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

Create New

Create a new object. See Create a new object.

Edit

Edit an object. See Edit an object.

Delete

Delete an object. See Remove an object.

More

Select the dropdown to view additional options for objects.

Column Settings

Select which columns are displayed in the objects table.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.

Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following sections are available in the tree menu in Policy & Objects:

Policy Packages

Click to view configured policy packages and folders in the tree menu.

Object Configurations

Click to view configurable objects in the tree menu.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Display Options, or Object Selection Pane.

Create New

Create a new policy. See Creating policies.

Edit

Edit a policy. See Editing policies.

Delete

Delete a policy.

Section

Create a new policy section. You can apply colors to policy sections to help differentiate your different policies in the table. See Managing policies.

Policy Lookup

Perform a policy lookup. See Policy Lookup

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Column Settings

Select which columns are displayed in the policy table.

View Mode

Toggle between the By Sequence and Interface Pair View display modes. See Managing policies.

Tooltip

View Mode is disabled when policy packages include policies using multiple source/destination interfaces (including the "Any" interface) or when policy blocks are used.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

Create New

Create a new object. See Create a new object.

Edit

Edit an object. See Edit an object.

Delete

Delete an object. See Remove an object.

More

Select the dropdown to view additional options for objects.

Column Settings

Select which columns are displayed in the objects table.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.