Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SteveF
New Contributor

FortiManager 6.0.4 - Policy & Objects

Hello,

 

I have a problem with the FortiManager in version 6.0.4.

If i create a new object like an address, the policy package don't see the difference between old configuration and newest.

So the FMG don't push the policy with new address added on a rule.

 

If someone meet this problem. Maybe the version of FortiManager.

 

Thank's

 

5 REPLIES 5
brazz_FTNT
Staff
Staff

Hello, 

 

Do you have that address to any policy rules ?

 

Thanks

 

 

SteveF

Hi,

 

Yes i added this address to a group where used in multiple policy.

 

 

brazz_FTNT

OK  what is the version of your FMG and FGT 

 

Can you please run 

get system status on both ?

 

Also what is the ADOM Version ?

 

 

SteveF

FortiManager and FortiGate are in v6.0.4 both.

 

ADOM version is in 6.0

 

See below the two command result : 

s-res-194 # get system status Platform Type : FMG-VM64 Platform Full Name : FortiManager-VM64 Version : v6.0.4-build0292 190109 (GA) Serial Number : FMG-VMTM19002896 BIOS version : 04000002 Hostname : s-res-194 Max Number of Admin Domains : 20 Max Number of Device Groups : 20 Admin Domain Configuration : Disabled HA Mode : Stand Alone Branch Point : 0292 Release Version Information : GA Current Time : Thu May 16 08:52:41 CEST 2019 Daylight Time Saving : Yes Time Zone : (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. x86-64 Applications : Yes Disk Usage : Free 189.32GB, Total 199.66GB File System : Ext4 License Status : Valid

f-res-200 # get system status Version: FortiGate-200E v6.0.4,build0231,190107 (GA) Virus-DB: 68.00549(2019-05-15 22:15) Extended DB: 68.00549(2019-05-15 22:15) IPS-DB: 6.00741(2015-12-01 02:30) IPS-ETDB: 14.00614(2019-05-15 00:02) APP-DB: 14.00614(2019-05-15 00:02) INDUSTRIAL-DB: 6.00741(2015-12-01 02:30) Serial-Number: FG200ETK18915007 IPS Malicious URL Database: 2.00183(2019-01-03 09:45) Botnet DB: 4.00479(2019-05-15 10:00) BIOS version: 05000006 System Part-Number: P19082-03 Log hard disk: Not available Hostname: f-res-200 Operation Mode: NAT Current virtual domain: root Max number of virtual domains: 10 Virtual domains status: 1 in NAT mode, 0 in TP mode Virtual domain configuration: disable FIPS-CC mode: disable Current HA mode: a-a, master Cluster uptime: 16 days, 18 hours, 23 minutes, 43 seconds Branch point: 0231 Release Version Information: GA FortiOS x86-64: Yes System time: Thu May 16 08:53:35 2019 Cluster state change time: 2019-04-30 21:47:10

 

Thank's

brazz_FTNT

Thanks for the reply, 

 

Couple of questions here :

[ul]
  • Can you tell me the steps you are doing to have this policy install to FGT ?
  • Are the device and Policy level status where  in sync status before applying the changes?
  • At this point, I wouls suggest doing thes: *Create a fresh back up of FMG and FGT *Reboot FMG (just in case if any processes stuck) *Retrieve the config *Import the PP *Apply the changes again . *Then try pushing it to FGT(make sure you are using Installation PP and Device DB). Before pushing the changes to FGT check the installation preview and verify if those changes take place on FMG device and PP DB .
  • If you try all above and get the same result, consult directly with Fortinet FMG Tech support Engineers.[/ul]

     

    Let me know how it goes.

     

    Cheers

     

  • Labels
    Top Kudoed Authors