Why do I need this?
Sometimes it is easier to make a change locally on the FortiGate. In my case, I want to create an “ftp-proxy” rule on the FortiGate because it seems that the rule causes a problem when it is installed to the device if it is implemented on FortiManager.
Step by Step
First, lock ADOM
Then, right click on device, select “Import Policy”
Then, select the VDOM where the change has been made, and skip the rest. Place the policy in a new TEMP POLICY PACKAGE so that it doesn’t get mixed up with our existing POLICY PACKAGE. To save space, I won’t show a screenshot of every screen. I just click Next through to the end and click “Skip Remaining”.
After that we can change it the way we like.
If you have created new objects locally on the FortiGate VDOM, they will be imported at this step.
Now, rule #5 is imported as I wish.
From the temporary POLICY PACKAGE “VUFG1_VUWF101”, I just need to COPY & PASTE it into my production POLICY PACKAGE “VU-WEBFILTER-PACKAGE”.
Clean up steps
Now, we need to clean up a few things.
First, place the VDOM back to production POLICY PACKAGE.
Click on Policy & Objects -> YOUR TEMPORARY POLICY PACKAGE -> ‘Install’ Tab -> Right click on your VDOM, then Edit
Select the VDOMs that will use this POLICY PACKAGE.
Remove the VDOM from this temporary POLICY PACKAGE.
It will then be removed from the list.
Check the ‘Install’ tab of the production POLICY PACKAGE; the VDOM should be there.
Push to device
Now, the next step is to click on SAVE and then push the revised POLICY PACKAGE to the VDOMs using “Install Wizard”.
Then, on the Device tab, it should display “SYNCHRONIZED”.
The last step is to simply Unlock VDOM.