FortiManager
dkoprusak
Staff
Article Id 313294
Description This article describes how the reference between the device object and the actual SSL VPN web portal configuration can break, which causes changes made via the 'VPN Manager' not to be reflected as a change in the 'Policy package'.
Scope FortiManager.
Solution

Use the following command to check whether the reference is broken:

 

diagnose dvm device object-reference <device> <vdom> <category> <portalname>

 

diagnose dvm device object-reference MyFortiGate1 VPNvdom 1054 MyPortal

Device object MyPortal is not copied from global <--

 

To fix this issue, copy and link the object reference:

 

execute fmpolicy copy-adom-object <adom> <category> <portalname> <device> <vdom>

execute fmpolicy link-adom-object <adom> <category> <portalname> <device> <vdom>

 

execute fmpolicy copy-adom-object ADOM1 1054 MyPortal MyFortiGate1 VPNvdom

execute fmpolicy link-adom-object ADOM1 1054 MyPortal MyFortiGate1 VPNvdom

 

Running the same command as initially now shows that the object reference is corrected, and changes in the SSL VPN portal configuration now change the status of the policy package:

 

diagnose dvm device object-reference MyFortiGate1 VPNvdom 1054 MyPortal
--- Device MyFortiGate1 object reference list ---
Category Obj_name Obj_oid ---> Category Gobj_oid
vpn ssl web portal MyPortal 118718 ---> vpn ssl web portal 10925

 

This option has been available in FortiManager since the 6.2.9, 6.4.7, and 7.0.2 releases.
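The check, fix and verify steps above can be scripted over saved CLI output. The following is an added example, not Fortinet code: it assumes the diagnose output looks exactly like the two samples in this article and that object names contain no whitespace, and the function names are hypothetical.

```python
import re

# Constructed sample input: the two outputs shown in this article.
BEFORE = "Device object MyPortal is not copied from global <--"
AFTER = """--- Device MyFortiGate1 object reference list ---
Category Obj_name Obj_oid ---> Category Gobj_oid
vpn ssl web portal MyPortal 118718 ---> vpn ssl web portal 10925"""

BROKEN = re.compile(r"^Device object (?P<name>\S+) is not copied from global")
# Data row: "<category> <name> <oid> ---> <category> <global oid>"
LINKED = re.compile(
    r"^(?P<cat>.+?) (?P<name>\S+) (?P<oid>\d+) ---> (?P<gcat>.+) (?P<goid>\d+)$")


def classify(output):
    """Return ('broken', name), ('linked', name, oid, goid) or ('unknown',)."""
    for raw in output.splitlines():
        line = raw.strip()
        m = BROKEN.match(line)
        if m:
            return ("broken", m["name"])
        m = LINKED.match(line)  # header lines carry no numeric oid, so they are skipped
        if m:
            return ("linked", m["name"], int(m["oid"]), int(m["goid"]))
    return ("unknown",)


def remediation(adom, category, device, vdom, portal, output):
    """Commands to run for one portal, given its saved diagnose output."""
    # Refuse values that could alter the generated CLI line.
    for value in (adom, str(category), device, vdom, portal):
        if not re.fullmatch(r"[\w.-]+", value):
            raise ValueError(f"unexpected characters in {value!r}")
    state = classify(output)
    if state[0] == "unknown" or state[1] != portal:
        raise ValueError("output does not describe this portal; check it by hand")
    if state[0] == "linked":
        return []  # reference already in place, nothing to do
    args = f"{adom} {category} {portal} {device} {vdom}"
    return [f"execute fmpolicy copy-adom-object {args}",
            f"execute fmpolicy link-adom-object {args}"]


if __name__ == "__main__":
    for cmd in remediation("ADOM1", 1054, "MyFortiGate1", "VPNvdom", "MyPortal", BEFORE):
        print(cmd)
```

An empty list means the reference is already linked; a `ValueError` means the output did not match either sample and should be reviewed manually rather than acted on.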