Fortinet black logo

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Global Objects Reference Check

FortiManager performs a reference check before a global object deletion. The GUI issues a warning if the object is in use.

Scenario 1:
  1. Assign a Global Policy with global header policy that includes an AntiVirus profile gAntiVirus_Vancouver to ADOM1. Now in ADOM1, there is header policy referencing gAntiVirus_Vancouver.
  2. In ADOM1, use gAntiVirus_Vancouver in an local ADOM policy.
  3. Delete the header policy from Global level.
  4. Reassign the policy to ADOM1.
  • Before FortiManager 6.2.1:The reassigning of the policy fails because Global Object Database tries to remove gAntiVirus_Vancouver but cannot since it is used at the ADOM level.
  • FortiManager 6.2.1 and higher: Assign successful. No error reported. Informational message can be found in the task monitor:

Try to delete gAntiVirus_Vancouver in Global ADOM. It's not allowed, and an error message is shown.

Scenario 2:
  1. Assign Global Policy with option Assign ALL Objects (which happens to include gAntiVirus_Vancouver even though that profile is not used by any global policies).
  2. In ADOM1, use gAntiVirus_Vancouver in an local ADOM policy.
  3. Delete gAntiVirus_Vancouver from Global level.
  • Before FortiManager 6.2.1: Successful (since Global level doesn’t reference it). Reassigning to ADOM1 fails because Global tries to remove gAddr1 but cannot (it is used at the ADOM level).
  • FortiManager 6.2.1 and higher: The following error message is shown:

Global Objects Reference Check

FortiManager performs a reference check before a global object deletion. The GUI issues a warning if the object is in use.

Scenario 1:
  1. Assign a Global Policy with global header policy that includes an AntiVirus profile gAntiVirus_Vancouver to ADOM1. Now in ADOM1, there is header policy referencing gAntiVirus_Vancouver.
  2. In ADOM1, use gAntiVirus_Vancouver in an local ADOM policy.
  3. Delete the header policy from Global level.
  4. Reassign the policy to ADOM1.
  • Before FortiManager 6.2.1:The reassigning of the policy fails because Global Object Database tries to remove gAntiVirus_Vancouver but cannot since it is used at the ADOM level.
  • FortiManager 6.2.1 and higher: Assign successful. No error reported. Informational message can be found in the task monitor:

Try to delete gAntiVirus_Vancouver in Global ADOM. It's not allowed, and an error message is shown.

Scenario 2:
  1. Assign Global Policy with option Assign ALL Objects (which happens to include gAntiVirus_Vancouver even though that profile is not used by any global policies).
  2. In ADOM1, use gAntiVirus_Vancouver in an local ADOM policy.
  3. Delete gAntiVirus_Vancouver from Global level.
  • Before FortiManager 6.2.1: Successful (since Global level doesn’t reference it). Reassigning to ADOM1 fails because Global tries to remove gAddr1 but cannot (it is used at the ADOM level).
  • FortiManager 6.2.1 and higher: The following error message is shown: