https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146918#M454 <P>Hi Ofir!</P> <P>Then could you please clarify what is meant by this statement in the SK?</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="100%"><STRONG>Users</STRONG><BR /> <UL> <LI>SmartMove cannot create LDAP account unit objects that are needed for the user configuration process. You will need to create this object manually and provide the name of this object to SmartMove for conversion.</LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Also this is confusing:</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="100%"> <UL> <LI>Only Firewall, NAT and <STRONG>Users/Groups configuration (AD)</STRONG> will be converted (including network objects, services, and schedules).</LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>What users are converted?</P> Sun, 24 Apr 2022 07:28:40 GMT Denis_Romanov 2022-04-24T07:28:40Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146817#M450 <P>Hi! I have a Fortigate configuration (v.6.09) and trying to convert AD groups however it seems those are just ignored in the conversion process for some reason. I've specified an LDAP Account Unit (which is needed to generate a valid mgmt_cli commands) but Access Roles are not created during the conversion.&nbsp;</P> <P>Here is how it looks in Fortigate config:</P> <LI-CODE lang="markup"> edit "AD_group_test" set member "AD_LDAP_AU" config match edit 1 set server-name "AD_LDAP_AU" set group-name "CN=AD_group_test,OU=InfoSec,OU=Test,OU=Groups,OU=DC01,DC=test,DC=local" next end</LI-CODE> <P>&nbsp;And this group is used in the Firewall policy:</P> <LI-CODE lang="markup"> edit 20911 set uuid 0e48bc7a-bf0b-51ec-d77a-8de1cc2533c7 set srcintf "any" set dstintf "any" set srcaddr "Private_nets" set dstaddr "10.0.0.1" "10.0.0.2" "10.0.0.3" "Net_10.0.1.0/24" set action accept set schedule "always" set service "ALL" set logtraffic all set groups "AD_group_test" set global-label "General rules" next</LI-CODE> <P>&nbsp;But SmartMove doesn't generate any Access Role objects (x0)..</P> <P>Any input on what may be wrong here? From Release Notes it seems that it should be supported..<BR />I'm using the latest SmartMove version 6.0.8068.6581.</P> Fri, 22 Apr 2022 06:57:45 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146817#M450 Denis_Romanov 2022-04-22T06:57:45Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146917#M453 <P>Hi,</P> <P>SmatMove does not generate&nbsp;<SPAN>AD groups, you will need manually&nbsp;to generate it.</SPAN></P> Sun, 24 Apr 2022 07:03:14 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146917#M453 Ofir_Shikolski 2022-04-24T07:03:14Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146918#M454 <P>Hi Ofir!</P> <P>Then could you please clarify what is meant by this statement in the SK?</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="100%"><STRONG>Users</STRONG><BR /> <UL> <LI>SmartMove cannot create LDAP account unit objects that are needed for the user configuration process. You will need to create this object manually and provide the name of this object to SmartMove for conversion.</LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Also this is confusing:</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="100%"> <UL> <LI>Only Firewall, NAT and <STRONG>Users/Groups configuration (AD)</STRONG> will be converted (including network objects, services, and schedules).</LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>What users are converted?</P> Sun, 24 Apr 2022 07:28:40 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146918#M454 Denis_Romanov 2022-04-24T07:28:40Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146922#M455 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/940">@Denis_Romanov</a>&nbsp;,</P> <P>Can you please send me the config file? <A href="mailto:ofirs@checkpoint.com" target="_blank">ofirs@checkpoint.com</A>&nbsp;</P> <P>it is working for me <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Sun, 24 Apr 2022 10:57:55 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146922#M455 Ofir_Shikolski 2022-04-24T10:57:55Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146932#M456 <P>Not sure why it fails for you...I did this conversion before and it converted everything.</P> Sun, 24 Apr 2022 21:59:03 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/146932#M456 the_rock 2022-04-24T21:59:03Z https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/150744#M460 <P>The issue was: not object were found in the config file.</P> Tue, 14 Jun 2022 05:41:00 GMT https://community.checkpoint.com/t5/SmartMove/Fortinet-User-configuration/m-p/150744#M460 Ofir_Shikolski 2022-06-14T05:41:00Z