Fortinet white logo
Fortinet white logo

Administration Guide

Policy & Objects

Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following sections are available in the tree menu in Policy & Objects:

Policy Packages

Click to view configured policy packages and folders in the tree menu.

Object Configurations

Click to view configurable objects in the tree menu.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Display Options, or Object Selection Pane.

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.

Policy & Objects

Policy & Objects

The Policy & Objects pane enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

All changes related to policies and objects should be made on the FortiManager device, and not on the managed devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Administrator profiles.

If Display Policy & Objects in Dual Pane is enabled, the Policy Packages and Object Configurations tabs will be shown on the same pane, with Object Configurations on the lower half of the screen. See Display options.

If workspace is enabled, the ADOM must be locked before changes can be made. See Locking an ADOM.

If workflow is enabled, the ADOM must be locked and a session must be started before changes can be made. See Workflow mode.

The following sections are available in the tree menu in Policy & Objects:

Policy Packages

Click to view configured policy packages and folders in the tree menu.

Object Configurations

Click to view configurable objects in the tree menu.

If Display Policy & Objects in Dual Pane is enabled, both tabs will be shown on the same pane.

The following options are available on the Policy Packages tab:

Policy Package

Click to access the policy package menu. The menu options are the same as the right-click menu options.

Install

Click to access the Install menu. You can start the Install Wizard where you can install policy packages and device settings. You can also re-install a policy.

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Find Unused Objects, Find Duplicate Objects, Find Unused Policies, Display Options, or Object Selection Pane.

Collapse/Expand All

Collapse or expand all the categories in the policy list.

Search

The tree menu can be searched and sorted using the search field and sorting button at the top of the menu.

The following options are available on the Objects Configurations tab:

ADOM Revisions

Click to create, edit, delete, restore, lock, and unlock ADOM Revisions.

Tools

Click to select one of the following tools from the menu: Display Options, Find Unused Objects, or Find Duplicate Objects.

If workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.

The following options are available:

Lock | Unlock

Select to lock or unlock the ADOM.

Sessions

Click to display the sessions list where you can save, submit, or discard changes made during the session.