Fortinet white logo
Fortinet white logo

Administration Guide

Global policy packages

Global policy packages

Global policies and objects function in a similar fashion to local policies and objects, but are applied universally to all ADOMs and VDOMs inside your FortiManager installation. This allows users in a carrier, service provider, or large enterprise to support complex installations that may require their customers to pass traffic through their own network.

For example, a carrier or host may allow customers to transit traffic through their network, but do not want their customer to have the ability to access the carrier’s internal network or resources. Creating global policy header and footer packages to effectively surround a customer’s policy packages can help maintain security.

Global policy packages must be assigned to ADOMs to be used. When configuring global policies, a block of space in the policy table is reserved for Local Domain Policies. All of the policies in an ADOM’s policy table are inserted into this block when the global policy is assigned to an ADOM.

You can specify which policy packages to assign the global policy to when assigning policy packages to an ADOM. Each policy package can only have one global policy package assigned to it, but multiple global policy packages can be used in an ADOM. See Assign a global policy package.

Display options for policies and objects can be configured in Policy & Objects > Tools > Display Options.

Global policies and objects are not supported on all FortiManager platforms. Please review the products’ data sheets to determine support.

A global policy license is not required to use global policy packages.

Global policy packages

Global policy packages

Global policies and objects function in a similar fashion to local policies and objects, but are applied universally to all ADOMs and VDOMs inside your FortiManager installation. This allows users in a carrier, service provider, or large enterprise to support complex installations that may require their customers to pass traffic through their own network.

For example, a carrier or host may allow customers to transit traffic through their network, but do not want their customer to have the ability to access the carrier’s internal network or resources. Creating global policy header and footer packages to effectively surround a customer’s policy packages can help maintain security.

Global policy packages must be assigned to ADOMs to be used. When configuring global policies, a block of space in the policy table is reserved for Local Domain Policies. All of the policies in an ADOM’s policy table are inserted into this block when the global policy is assigned to an ADOM.

You can specify which policy packages to assign the global policy to when assigning policy packages to an ADOM. Each policy package can only have one global policy package assigned to it, but multiple global policy packages can be used in an ADOM. See Assign a global policy package.

Display options for policies and objects can be configured in Policy & Objects > Tools > Display Options.

Global policies and objects are not supported on all FortiManager platforms. Please review the products’ data sheets to determine support.

A global policy license is not required to use global policy packages.