When importing policy and objects from a FortiGate currently selected revision history config file, before actually importing the policies and objects, a summary of the objects that will be updated, imported, renamed, and skipped (duplicates) will be listed and shown.
This article will define the different actions that will be taken on the objects listed on this summary page.
When importing into FortiManager, all FortiGates in a given ADOM have a shared database for their objects.
- The object being imported has the same name but a different definition than what is currently in the FortiManager.
- It will create a mapping for the object with the same object name but a definition specific to the FortiGate.
Updates to Existing FortiManager Objects
- In the conflict page, the objects that exist on the FortiManager before the import with the same name, have been selected to be imported using the Fortigate value.
- It will create an update/overwrite these objects with the value it is importing from the Fortigate policy and objects.
Rename Objects to Import
- It has the same name but a different type of object (for example: for firewall address group and firewall address), FortiManager will rename the object so that there is no conflict.
- The FortiManager will first rename the object’s name (by adding a ‘_001’ to the original name) on the unit database on the FotiManager in Device Manager (not on the actual device), but the actual import to the ‘Policy & Objects’ database will not be imported just yet.
- Now that the object name is renamed, to be imported to the ‘Policy & Objects’ database, if another import is performed, then the new renamed object will be imported, such that the already existing object on the FortiManager in the ‘Policy & Object’ database but of a different type of object is not affected and is not in conflict.
- To reflect the new name of the object on the device itself, an install will need to follow.
Example: FortiManager has a Firewall address group named ‘OBJ’ and the FortiGate being imported has a firewall address object named ‘OBJ’, since both have the same name but the object type is different, the FortiManager will import the OBJ as a firewall address as OBJ_001.
New Objects to Import
- The object is only available in FortiGate and not in the FortiManager.
- This action will create an identical object in the FortiManager.
- Duplicate means the object has the exact same name and content and it will be flagged as duplicate and the import process will skip this object.