Global policy packages
Global policies and objects function in a similar fashion to local policies and objects, but are applied universally to all ADOMs and VDOMs inside your FortiManager installation. This allows users in a carrier, service provider, or large enterprise to support complex installations that may require their customers to pass traffic through their own network.
For example, a carrier or host may allow customers to transit traffic through their network, but do not want their customer to have the ability to access the carrier’s internal network or resources. Creating global policy header and footer packages to effectively surround a customer’s policy packages can help maintain security.
Global policy packages must be assigned to ADOMs to be used. When configuring global policies, a block of space in the policy table is reserved for Local Domain Policies. All of the policies in an ADOM’s policy table are inserted into this block when the global policy is assigned to an ADOM.
You can specify which policy packages to assign the global policy to when assigning policy packages to an ADOM. Each policy package can only have one global policy package assigned to it, but multiple global policy packages can be used in an ADOM. See Assign a global policy package.
Policy Blocks can be used within Global Policy packages. See Using Policy Blocks.
Feature visibility options for policies and objects can be configured in Policy & Objects > Tools > Feature Visibility.
Global policies and objects are not supported on all FortiManager platforms. Please review the products’ data sheets to determine support. |
A global policy license is not required to use global policy packages. |
The use of local Policy Blocks simplifies the process for upgrading your ADOMs and can be considered as an alternative to Global Policy Packages. For more information, see Using Policy Blocks versus Global Policy Packages and Migrating global policies to policy blocks. |