ADOM-level metadata variables
ADOM-level metadata variables can be used as variables for certain fields in the following places:
-
Scripts
-
Templates
-
Firewall address objects
-
IP pools
-
VIPs
-
FortiAP SSIDs
-
FortiSwitch VLAN configurations
-
FortiClient EMS and FortiClient EMS Cloud connectors
-
Normalized interfaces
-
Firewall address groups
Fields that support metadata variables are identified with a metadata variable icon .
Typing $
into an object's field where metadata variables are supported will display the available metadata variables for selection.
You can configure ADOM-level metadata variables in Policy & Objects > Advanced > Metadata Variables. Metadata variables created this way are only available in the ADOMs in which they were created.
Metadata variables can also be created in the Global Database ADOM. When creating ADOM-level metadata variables in the Global Database, you can configure per-ADOM mapping to assign specific values to all devices within an ADOM.
Using the More option in the toolbar, you can clone, group, import, and export metadata variables, as well as see where they are being used.
You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature. |
To create an ADOM-level metadata variable:
-
Go to Policy & Objects > Advanced > Metadata Variables.
-
Click Create New.
The Create New Metadata Variables window opens. -
Enter the following information:
Name Enter a name for the metadata variable.
Description Optionally, enter a description. Default Value Set the default value for the variable. The default value is used whenever a per-device mapping is unavailable. Per-ADOM Mapping
This setting is only available in the Global Database ADOM.
Toggle ON to enable per-ADOM mapping. When enabled, click Create New to map an ADOM to a Value. This value will be applied to all devices in the selected ADOM.
Per-Device Mapping This setting is not available in the Global Database ADOM.
Toggle ON to enable per-device mapping. When enabled, you can configure specific value for each device by clicking Create New beneath Per-Device Mapping and specifying the Mapped Device and Value.
Revision
Enter a change note.
-
Click OK to save the metadata variable.
You can now use the ADOM's configured variable(s) in provisioning templates created in Device Manager.
To configure metadata variable device assignment from the Device Manager, right-click on a managed device in the table and click Edit Variable Mapping.
To export metadata variables:
-
Go to Policy & Objects > Advanced > Metadata Variables.
-
Select More in the toolbar, and click Export as JSON or Export as CSV.
The metadata variables will be exported based on the format selected.
To import metadata variables :
-
Go to Policy & Objects > Advanced > Metadata Variables.
-
Select More from the toolbar and click Import from JSON or Import from CSV.
-
Browse to your exported file, or drag-and-drop it into the file selector, and click Import.
-
Select the metadata variables and per-device mapping values to be included in the import, and click Next to complete the import process.
To use a metadata variable in dynamic objects:
-
Go to Policy & Objects.
-
Create or edit a Firewall Address, IP Pool, or Virtual IP object.
-
Add the metadata into a text field using the following format:
$<metadata_variable_name>
.When
$
is typed into a supported text field, available metadata variables are displayed for selection. You can click the add button to create a new metadata variable.
For example, when creating a firewall address, you can use a metadata variable in the IP/Netmask field.