Global database version
When deploying global policies using the Global Database ADOM, it is essential to consider both the Global ADOM version and the corresponding local ADOM version to ensure compatibility and successful policy installation.
1. Global Database ADOM version
-
The Global Database ADOM version determines the FortiOS syntax that is used when creating policies and objects in the ADOM. For example, if the Global Database ADOM version is 7.4, then policies and objects created in the ADOM use FortiOS 7.4 syntax.
-
The Global Database ADOM version also determines the local ADOM versions that can be selected for assignment. See Assigning a global policy package to an ADOM
2. Local ADOM version
-
Once a global policy package has been assigned to an ADOM, the local ADOM handles the installation of the policy package to managed devices.
-
The local ADOM version controls what FortiOS versions the global policy package can be installed on. The local ADOM includes a configuration upgrade/downgrade mechanism so that the global policy package can be installed on FortiOS devices that are on higher or lower firmware versions. To see what FortiOS versions are supported by each local ADOM version and for more information on configuration upgrade/downgrades, see ADOM versions.
Global Database and local ADOM compatibility
The following table identifies the local ADOM versions that can be selected for assignment in FortiManager 7.6.6:
|
Global Database ADOM version |
Assignable local ADOM versions |
|---|---|
| 7.6 | 7.6, 7.4, 7.2 |
| 7.4 | 7.6, 7.4, 7.2 |
| 7.2 | 7.6, 7.4, 7.2 |
Example
-
A global policy package is created in the Global Database ADOM on version 7.4. The global policy package uses FortiOS 7.4 syntax.
-
The global policy package is assigned to a local ADOM using version 7.2.
-
The local ADOM contains FortiOS devices on version 7.6, 7.4 and 7.2 because these versions are all supported by the local ADOM version.
-
The administrator performs an install to these FortiGate devices from the local ADOM, and the global policy package is installed by the local ADOM.
-
When the global policy package is installed to the FOS 7.6 devices, the local ADOM upgrades the syntax.
-
When the global policy package is installed to the FOS 7.2 devices, the local ADOM downgrades the syntax.
-
When the global policy package is installed to the FOS 7.4 devices, no syntax upgrade or downgrade is required.
-
Upgrading Global Database ADOMs
|
The global database ADOM should only be upgraded after all the ADOMs that are using a global policy package have been upgraded to a supported version. See ADOM versions. |
To upgrade the global database ADOM:
-
Go to System Settings > ADOMs.
-
Select Global Database then click More > Upgrade in the toolbar, or right-click Global Database and select Upgrade.
If the ADOM has already been upgraded to the latest version, this option will not be available.
-
Click OK in the Upgrade ADOM dialog box.
-
After the upgrade finishes, click Close to close the dialog box.
To edit the global database version:
-
Go to System Settings > ADOMs.
-
Select Global Database then click Edit in the toolbar, or right-click Global Database and select Edit. The Edit Global Database window opens.
-
Select the version.
-
Click OK to save the setting.
-
A confirmation dialog box will be displayed. Click OK to continue.