Administration Guide

ADOM-level metadata variables

ADOM-level metadata variables can be used as variables in scripts, templates, firewall address objects, IP pools, and VIPs.

Typing $ into an object's field where metadata variables are supported will display the available metadata variables for selection. Fields that support metadata variables are identified with a magnifying glass icon.

You can configure ADOM-level metadata variables in Policy & Objects > Advanced > Metadata Variables. Metadata variables are only available in the ADOMs in which they were created.

Metadata variables can also be created in the Global Database ADOM. When creating ADOM-level metadata variables in the Global Database, you can configure per-ADOM mapping to assign specific values to all devices within an ADOM.

Using the More option in the toolbar, you can clone, group, import, and export metadata variables, as well as see where a metadata variable is used.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To create an ADOM-level metadata variable:
  1. Go to Policy & Objects > Advanced > Metadata Variables.
  2. Click Create New.
    The Create New Metadata Variables window opens.
  3. Enter the following information:
    Name: Enter a name for the metadata variable.
    Description: Optionally, enter a description.
    Default Value: Set the default value for the variable. The default value is used whenever a per-device mapping is unavailable.

    Per-ADOM Mapping

    This setting is only available in the Global Database ADOM.

    Toggle ON to enable per-ADOM mapping. When enabled, click Create New to map an ADOM to a Value. This value will be applied to all devices in the selected ADOM.

    Per-Device Mapping

    This setting is not available in the Global Database ADOM.

    Toggle ON to enable per-device mapping. When enabled, you can configure a specific value for each device by clicking Create New beneath Per-Device Mapping and specifying the Mapped Device and Value.

    Revision

    Enter a change note.

  4. Click OK to save the metadata variable.
    You can use the configured variable(s) in the current ADOM.
    To configure metadata variable device assignment from the Device Manager, right-click on a managed device in the table and click Edit Variable Mapping.

To export and import metadata variables:
  1. Go to Policy & Objects > Advanced > Metadata Variables.
  2. Select More in the toolbar and click Export Metadata Variables.
    The metadata variables are exported into a JSON format file.
  3. In a second ADOM, go to Policy & Objects > Advanced > Metadata Variables.
  4. Select More from the toolbar and click Import Metadata Variables.
  5. Browse to your exported JSON file, or drag and drop it into the file selector, and click Import.

To use a metadata variable in dynamic objects:
  1. Go to Policy & Objects.
  2. Create or edit a Firewall Address, IP Pool, or Virtual IP object.
  3. Add the metadata variable into a text field using the following format: $<metadata_variable_name>.
    Note

    When $ is typed into a supported text field, available metadata variables are displayed for selection. You can click the add button to create a new metadata variable.


    For example, when creating a firewall address, you can use a metadata variable in the IP/Netmask field.
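
Because the default value is used whenever a per-device mapping is unavailable, a device that was never mapped still receives a firewall address, just not necessarily the intended one. The following Python is an added example, not Fortinet code and not the FortiManager export format: it models that fallback for an IP/Netmask field and reports which devices resolve through the default. The data layout, device names, variable name, and the assumption that a reference is written as $ followed by the variable name are all hypothetical.

```python
import ipaddress
import re

# Constructed sample data. The layout is hypothetical and is NOT the
# FortiManager JSON export schema; device and variable names are made up.
VARIABLES = {
    "branch_lan": {
        "default": "10.0.0.0/24",
        "per_device": {"FGT-Branch1": "10.1.10.0/24",
                       "FGT-Branch2": "10.1.20.0/24"},
    },
}
DEVICES = ["FGT-Branch1", "FGT-Branch2", "FGT-Branch3"]

# Assumption: a reference is "$" followed directly by the variable name,
# and names use letters, digits, "_" and "-".
VAR_REF = re.compile(r"\$([A-Za-z0-9_-]+)")

def resolve(field, device, variables):
    """Return (resolved_text, names_that_fell_back_to_default)."""
    fallbacks = []
    def sub(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"undefined metadata variable: {name}")
        var = variables[name]
        if device in var.get("per_device", {}):
            return var["per_device"][device]
        fallbacks.append(name)          # no per-device mapping: default applies
        return var["default"]
    return VAR_REF.sub(sub, field), fallbacks

def audit(field, devices, variables):
    """Resolve `field` for each device and validate it as an IP/Netmask."""
    report = {}
    for dev in devices:
        text, fallbacks = resolve(field, dev, variables)
        try:
            net = str(ipaddress.ip_network(text, strict=True))
        except ValueError:              # not a network, or host bits set
            net = None
        report[dev] = {"value": text, "network": net, "used_default": fallbacks}
    return report

if __name__ == "__main__":
    for dev, row in audit("$branch_lan", DEVICES, VARIABLES).items():
        print(dev, row)
```

A device listed with a non-empty used_default, or with network set to None, is one to review in Edit Variable Mapping before the object is installed.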
