Administration Guide

Policy & Objects

Policy & Objects enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Classic Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. If Dock to Right is enabled, you can open the Objects window by clicking the expand icon on the right side of the screen. See Feature visibility.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following sections are available in the tree menu in Policy & Objects:

Policy Packages

Click to view and configure policy packages.

Normalized Interface

Click to view and configure normalized interfaces.

Firewall Objects

Click to view and configure firewall objects.

Security Profiles

Click to view and configure security profiles.

User & Authentication

Click to view and configure user and authentication objects.

Security Fabric

Click to view and configure Fortinet Security Fabric objects.

Advanced

Click to view and configure advanced objects including metadata variables and CLI configurations.

If Display Policy & Objects in Dual Pane is enabled, all sections are shown on the same pane.

The following options are available in Policy Packages:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install Wizard

Click to start the Install Wizard, where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

Create New

Create a new policy. See Creating policies.

Edit

Edit a policy. See Editing policies.

Delete

Delete a policy.

Section

Create a new policy section. You can apply colors to policy sections to help differentiate policies in the table. See Managing policies.

Policy Lookup

Perform a policy lookup. See Policy Lookup.

Collapse/Expand All

Collapse or expand all the categories in the policy list.

View Mode

Toggle between the By Sequence and Interface Pair View display modes. See Managing policies.

View Mode is disabled when policy packages include policies using multiple source/destination interfaces (including the "Any" interface) or when policy blocks are used.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

Column Settings

Select which columns are displayed in the policy table.

The following options are available on the objects configuration panes:

Install Wizard

Click to start the Install Wizard, where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

Create New

Create a new object. See Create a new object.

Edit

Edit an object. See Edit an object.

Delete

Delete an object. See Delete an object.

More

Select the dropdown to view additional options for objects.

Column Settings

Select which columns are displayed in the objects table.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.
