Hi!
Some of our customers are using FortiGates managed by FortiManager. These Fortigates provide a web based ssl vpn and users are allowed to create personal bookmarks.
As soon as a user creates a personal bookmark in web based ssl vpn and disconnects the session, the FMG will show up this FGT as out-of-sync.
Seems logical, because the config change has been done on FGT instead of FMG.
Support says there is no solution to solve this issue.
Any ideas how to solve this? (Without disabling the personal bookmark feature)
You would need to manually re-import to FMG or enable auto-import in FMG.
Advanced Settings → Configuration Changes Received from FortiGate set to “Automatically accept”
That will allow you to make basic changes to the FW and FMG will scoop them up automatically. Just don’t make policy/object changes. Basically follow what the huge warning message says when you login and you shouldn’t have a problem. I have this enabled and have never had a problem.
My memory might be in error but I deployed SSL VPN with personal bookmarks and it was the config that went from Synchronised to Auto Update - so unless you changed its default behaviour to not accept auto updated config (device level config not policy) then I’m not sure.
We have this issue too. 6.2 FMG and 6.0 FGT. I just retrieve the configuration every time i see it and just move on. Its annoying but i have no faith Support will care.
Were actively moving to FGT to 6.2 (and then to 6.4) so i hope it gets fixed with that upgrade.
TIL you can have Fortimanager auto import changes you make to the FortiGate Is it real time that import and does Fortimanager give you any indication it did that import?
Is it real time that import and does Fortimanager give you any indication it did that import?