
Administration Guide

Creating objects


Objects can be created as global objects or for specific ADOMs.

To create a new object:
  1. Ensure you are in the correct ADOM.

  2. Go to Policy & Objects and select the object type in the tree menu. For example, view firewall addresses by going to Firewall Objects > Addresses.

    The firewall address list is displayed in the content pane. The available address or address group lists are selectable on the content pane toolbar.

  3. From the Create New menu, select the type of address. In this example, Address was selected. The Create New Address pane opens.

    Some object configurations allow you to add the object to a group. This option is not available for all objects.

  4. Enter the required information, then click OK to create the new object.
    A change note is required when creating or editing objects.

If you create Security Profiles that include Application Signature or Custom IPS Signature with the same ID for multiple VDOMs, FortiManager will automatically change the ID. For example, multiple VDOMs in a FortiGate device having the same Custom IPS Signature will have different IDs assigned by FortiManager while installing the policy. The Custom IPS Signature name will remain the same, but the ID will be different for each VDOM.

The automatic change of ID affects the attack_id in Custom IPS Signature and the attack_id or vuln_id in Application Signature. The change in ID may occur even when importing a policy from a FortiGate device and re-installing the policy.

You can view the modified ID in the Install Wizard by clicking Install Preview. Alternatively, go to Device Manager > [FortiGate_Name] > CLI Configurations > ips or Device Manager > [FortiGate_Name] > CLI Configurations > application to view the modified ID for the particular VDOM.
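Because the signature name stays the same while the ID differs per VDOM, the name is the stable key when comparing VDOMs. The following is an added example, not Fortinet code: it assumes the signature text for each VDOM has been copied from Install Preview or CLI Configurations as `set signature "F-SBID( ... )"` lines, and the VDOM names, signature names and IDs in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: signature lines per VDOM (assumed copy-paste format).
SAMPLE = {
    "vdom-a": r'''
set signature "F-SBID( --attack_id 6001; --name \"Custom.Sig.One\"; )"
set signature "F-SBID( --attack_id 6002; --name \"Custom.Sig.Two\"; )"
''',
    "vdom-b": r'''
set signature "F-SBID( --attack_id 7415; --name \"Custom.Sig.One\"; )"
''',
}

# attack_id / vuln_id are the two fields the guide says may be rewritten.
ID_RE = re.compile(r'--(attack_id|vuln_id)\s+(\d+)\s*;')
# The name may appear with escaped quotes (\"...\") inside the config string.
NAME_RE = re.compile(r'--name\s+\\?"([^"\\]+)\\?"')


def ids_by_name(vdom_text):
    """Return {signature name: {vdom: {field: id}}} from {vdom: text}."""
    table = defaultdict(dict)
    for vdom, text in vdom_text.items():
        for line in text.splitlines():
            if "F-SBID(" not in line:
                continue  # not a signature line
            name = NAME_RE.search(line)
            ids = {field: int(val) for field, val in ID_RE.findall(line)}
            if name and ids:
                table[name.group(1)][vdom] = ids
    return dict(table)


def divergent(table):
    """Return only the names whose IDs are not identical across VDOMs."""
    out = {}
    for name, per_vdom in table.items():
        distinct = {tuple(sorted(ids.items())) for ids in per_vdom.values()}
        if len(distinct) > 1:
            out[name] = per_vdom
    return out


if __name__ == "__main__":
    for name, per_vdom in divergent(ids_by_name(SAMPLE)).items():
        print(name, per_vdom)
```

Names reported by `divergent` are the ones where a log search or rule keyed on a single ID would not match every VDOM.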

If you create an object in the Global Database, and assign the object to a regular ADOM, you cannot delete the object from the Global Database. You must unassign the object from the regular ADOM before deleting it from the Global Database.
