Fortinet white logo
Fortinet white logo

Administration Guide

Create a new object

Create a new object

Objects can be created as global objects, or for specific ADOMs.

To create a new object:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations.
  3. Select the object type that you will be creating. For example, view the firewall addresses by going to Firewall Objects > Address.

    The firewall address list is displayed in the content pane. The available address or address group lists are selectable on the content pane toolbar.

  4. From the Create New menu, select the type of address. In this example, Address was selected. The Create New Address pane opens.

    You can select to add the object to groups and enable dynamic mapping. These options are not available for all objects.

  5. Enter the required information, then click OK to create the new object.

If you create Security Profiles that include Application Signature or Custom IPS Signature with the same ID for multiple VDOMs, FortiManager will automatically change the ID. For example, multiple VDOMs in a FortiGate device having the same Custom IPS Signature will have different IDs assigned by FortiManager while installing the policy. The Custom IPS Signature name will remain the same, but the ID will be different for each VDOM.

The automatic change of ID affects the attack_id in Custom IPS Signature and attack_id or vuln_id in Application Signature. The change in ID may occur even when importing a policy from FortiGate device and re-installing the policy.

You can view the modified ID in the Install Wizard by clicking Install Preview. Alternatively, you can also go to Device Manager > [FortiGate_Name] > CLI-Only Objects> ips or Device Manager > [FortiGate_Name] > CLI-Only Objects> application to view the modified ID for the particular VDOM.

If you create an object in the Global Database, and assign the object to a regular ADOM, you cannot delete the object from the Global Database. You must unassign the object from the regular ADOM before deleting it from the Global Database.

Create a new object

Create a new object

Objects can be created as global objects, or for specific ADOMs.

To create a new object:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations.
  3. Select the object type that you will be creating. For example, view the firewall addresses by going to Firewall Objects > Address.

    The firewall address list is displayed in the content pane. The available address or address group lists are selectable on the content pane toolbar.

  4. From the Create New menu, select the type of address. In this example, Address was selected. The Create New Address pane opens.

    You can select to add the object to groups and enable dynamic mapping. These options are not available for all objects.

  5. Enter the required information, then click OK to create the new object.

If you create Security Profiles that include Application Signature or Custom IPS Signature with the same ID for multiple VDOMs, FortiManager will automatically change the ID. For example, multiple VDOMs in a FortiGate device having the same Custom IPS Signature will have different IDs assigned by FortiManager while installing the policy. The Custom IPS Signature name will remain the same, but the ID will be different for each VDOM.

The automatic change of ID affects the attack_id in Custom IPS Signature and attack_id or vuln_id in Application Signature. The change in ID may occur even when importing a policy from FortiGate device and re-installing the policy.

You can view the modified ID in the Install Wizard by clicking Install Preview. Alternatively, you can also go to Device Manager > [FortiGate_Name] > CLI-Only Objects> ips or Device Manager > [FortiGate_Name] > CLI-Only Objects> application to view the modified ID for the particular VDOM.

If you create an object in the Global Database, and assign the object to a regular ADOM, you cannot delete the object from the Global Database. You must unassign the object from the regular ADOM before deleting it from the Global Database.