Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiManager 7.6.6 Administration Guide
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Policy & Objects

    Policy & Objects

    Policy & Objects enables you to centrally manage policies and any objects used by those policies for devices that are managed by the FortiManager.

    All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

    This chapter includes the following sections:

    Administrator permissions

    If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

    Object selection pane

    You can determine the way that objects are displayed in Policy & Objects using the following object selection pane settings under the Tools menu.

    • Classic Dual Pane: The Policy Packages and Object Configurations tabs are displayed on the same pane, with object configurations on the lower half of the screen.

    • Dock to Right: You can open the objects window by clicking the expand icon on the right side of the screen. See Feature visibility.

    Workspace and Workflow mode

    • If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

    • If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

    The following sections are available in the tree menu under Policy & Objects:

    Policy Packages

    Click to view and configure policy packages.

    Normalized Interface

    Click to view and configure normalized interfaces.

    Firewall Objects

    Click to view and configure firewall objects.

    Security Profiles

    Click to view and configure security profiles.

    User & Authentication

    Click to view and configure user and authentication objects.

    Security Fabric

    Click to view and configure Fortinet Security Fabric objects.

    Advanced

    Click to view and configure advanced objects including metadata variables and CLI configurations.

    The following options are available in the Policy Packages pane:

    Policy Package

    Click to access the policy package menu. The menu options are the same as the right-click menu options.

    Install Wizard

    Click to access the Install Wizard. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

    ADOM Revisions

    Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

    Tools

    Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

    Create New

    Create a new policy. See Creating policies.

    Edit

    Edit a policy. See Editing policies.

    Delete

    Delete a policy.

    Section

    Create a new policy section. You can apply colors to policy sections to help differentiate your different policies in the table. See Managing policies.

    Policy Lookup

    Perform a policy lookup. See Policy Lookup

    Collapse/Expand All

    Collapse or expand all the categories in the policy list.

    View Mode

    Toggle between the By Sequence and Interface Pair View display modes. See Managing policies.

    Tooltip

    View Mode is disabled when policy packages include policies using multiple source/destination interfaces (including the "Any" interface) or when policy blocks are used.

    Search

    The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

    Column Settings

    Select which columns are displayed in the policy table.

    The following options are available on the objects configuration panes:

    Install Wizard

    Click to access the Install Wizard. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

    ADOM Revisions

    Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

    Tools

    Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

    Create New

    Create a new object. See Creating objects.

    Edit

    Edit an object. See Edit an object.

    Delete

    Delete an object. See Remove an object.

    More

    Select the dropdown to view additional options for objects.

    Column Settings

    Select which columns are displayed in the objects table.

    If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

    The following options are available:

    Lock | Unlock

    Select to lock or unlock the ADOM.

    Sessions

    Click to display the sessions list where you can save, submit, or discard changes made during the session.
    Previous
    Next

    Policy & Objects

    Policy & Objects

    Policy & Objects enables you to centrally manage policies and any objects used by those policies for devices that are managed by the FortiManager.

    All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

    This chapter includes the following sections:

    Administrator permissions

    If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

    Object selection pane

    You can determine the way that objects are displayed in Policy & Objects using the following object selection pane settings under the Tools menu.

    • Classic Dual Pane: The Policy Packages and Object Configurations tabs are displayed on the same pane, with object configurations on the lower half of the screen.

    • Dock to Right: You can open the objects window by clicking the expand icon on the right side of the screen. See Feature visibility.

    Workspace and Workflow mode

    • If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

    • If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

    The following sections are available in the tree menu under Policy & Objects:

    Policy Packages

    Click to view and configure policy packages.

    Normalized Interface

    Click to view and configure normalized interfaces.

    Firewall Objects

    Click to view and configure firewall objects.

    Security Profiles

    Click to view and configure security profiles.

    User & Authentication

    Click to view and configure user and authentication objects.

    Security Fabric

    Click to view and configure Fortinet Security Fabric objects.

    Advanced

    Click to view and configure advanced objects including metadata variables and CLI configurations.

    The following options are available in the Policy Packages pane:

    Policy Package

    Click to access the policy package menu. The menu options are the same as the right-click menu options.

    Install Wizard

    Click to access the Install Wizard. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

    ADOM Revisions

    Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

    Tools

    Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

    Create New

    Create a new policy. See Creating policies.

    Edit

    Edit a policy. See Editing policies.

    Delete

    Delete a policy.

    Section

    Create a new policy section. You can apply colors to policy sections to help differentiate your different policies in the table. See Managing policies.

    Policy Lookup

    Perform a policy lookup. See Policy Lookup

    Collapse/Expand All

    Collapse or expand all the categories in the policy list.

    View Mode

    Toggle between the By Sequence and Interface Pair View display modes. See Managing policies.

    Tooltip

    View Mode is disabled when policy packages include policies using multiple source/destination interfaces (including the "Any" interface) or when policy blocks are used.

    Search

    The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

    Column Settings

    Select which columns are displayed in the policy table.

    The following options are available on the objects configuration panes:

    Install Wizard

    Click to access the Install Wizard. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy by clicking the dropdown arrow and choosing Re-install Policy.

    ADOM Revisions

    Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

    Tools

    Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Refresh Hit Counts, Feature Visibility, or Object Selection Pane.

    Create New

    Create a new object. See Creating objects.

    Edit

    Edit an object. See Edit an object.

    Delete

    Delete an object. See Remove an object.

    More

    Select the dropdown to view additional options for objects.

    Column Settings

    Select which columns are displayed in the objects table.

    If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

    The following options are available:

    Lock | Unlock

    Select to lock or unlock the ADOM.

    Sessions

    Click to display the sessions list where you can save, submit, or discard changes made during the session.
    Previous
    Next