This article describes that the reference between the device object and the actual SSL VPN web portal configuration can break which causes the changes done via the ‘VPN Manager’ are not reflected as a change in the ‘Policy package’.
Scope
FortiManager.
Solution
It is possible to use the below command to identify whether the reference is broken:
diagnose dvm device object-reference <device> <vdom> <category> <portalname> diagnose dvm device object-reference MyFortiGate1 VPNvdom 1054 MyPortal Device object MyPortal is not copied from global <--
To fix this issue copy and link the object reference: execute fmpolicy copy-adom-object
execute fmpolicy copy-adom-object <adom> <category> <portalname> <device> <vdom> execute fmpolicy link-adom-object <adom> <category> <portalname> <device> <vdom> execute fmpolicy copy-adom-object ADOM1 1054 MyPortal MyFortiGate1 VPNvdom execute fmpolicy link-adom-object ADOM1 1054 MyPortal MyFortiGate1 VPNvdom
When using the same command as initially, it is not possible to see the object reference is corrected and the changes in the SSL VPN portal configuration are now changing the status of the policy package:
diagnose dvm device object-reference MyFortiGate1 VPNvdom 1054 MyPortal --- Device MyFortiGate1 object reference list --- Category Obj_name Obj_oid ---> Category Gobj_oid vpn ssl web portal MyPortal 118718 ---> vpn ssl web portal 10925
This option has been available in FortiManager since 6.2.9, 6.4.7, and 7.0.2 releases.