Importing policies and objects
The import policy wizard helps you import policy packages and objects from managed FortiGates as well as specify per-device or per-platform mappings for FortiGate interfaces. Default or per-device mapping must exist or the installation will fail.
After initially importing policies from the device, make all changes related to policies and objects in Policy & Objects on the FortiManager. Making changes directly on the FortiGate device will require reimporting policies to resynchronize the policies and objects. |
See ADOM versions to determine which ADOM versions can import configurations from which device firmware versions. |
To import policy packages and objects:
-
Go to Device Manager > Device & Groups.
-
In the toolbar, select Table View from the dropdown menu.
-
In the tree menu, click the device group name. The devices in the group are displayed in the content pane.
-
Right-click a device, and select Import Configuration.
The Import Device dialog box is displayed.
-
Select Import Policy Package, and click Next.
The next screen is displayed.
-
Specify what policies and objects to import:
Policy Package Name
(Optional) Type a name for the policy package.
Folder
(Optional) Select a folder on the dropdown menu. The default storage folder is root.
Policy Selection
Select Import All to import all policies.
Select Select Policies to Import to select which policies and policy groups to import.
Object Selection
Select Import only policy dependent objects to import only policy dependent objects for the device.
Select Import all objects to import all objects for the selected device.
-
Specify mapping types for enabled FortiGate interfaces:
When importing policies and objects from a device, all enabled interfaces require a mapping.
Device Interface
Displays the enabled interfaces for the device for which you are importing policies.
Mapping Type
For each enabled device interface, select one of the of the following options: Per-Device or Per-Platform.
Normalized Interface
Displays the name of the normalized interface to which the device interface is mapped.
Add mapping for all unused device interfaces
Select to automatically create interface maps for unused device interfaces.
-
When finished mapping device interfaces, click Next.
The next page displays any object conflicts between the device and FortiManager.
-
If object conflicts are detected, choose whether to use the value from FortiGate or FortiManager, and click Next.
The object page searches for dependencies, and reports any conflicts it detects. If conflicts are detected, you must decide whether to use the FortiGate value or the FortiManager value. If there are conflicts, you can select View Conflict to view details of each individual conflict. Duplicates will not be imported.
You can click Download Conflict File to save a file of the conflicts to your hard drive.
-
When finished managing object conflicts, click Next.
A list of objects to be imported is displayed.
-
Click Next to start the import process.
When the import process completes, a summary page is displayed.
You can click Download Import Report, and save the report file to your hard drive.
Objects are imported into the common database, and the policies are imported into the selected package.
The import process removes all policies that have FortiManager generated policy IDs, such as 1073741825, that were previously learned by the FortiManager device. The FortiGate unit may inherit a policy ID from the global header policy, global footer policy, policy block, or VPN console.
-
Click Finish to close the wizard.
Importing the FortiClient EMS configuration from FortiGate is not supported. See Creating FortiClient EMS connectors. |