Fortinet black logo

Config

23.4.0
Copy Link
Copy Doc ID ce71c0e4-7759-11ee-a142-fa163e15d75b:553902
Download PDF

Config

Note

Using remote access in combination with configuration save mode is a recommended alternative to the Config feature. See Remote access.

In Config, you can access a pared-down version of the remote device's management interface to configure major features as if you were accessing the device itself. For configuration option descriptions, see the FortiOS documentation.

The configuration you see in FortiGate Cloud does not autorefresh. FortiGate Cloud displays a notification if the current local FortiGate configuration differs from the latest configuration uploaded to FortiGate Cloud. You can overwrite the FortiGate Cloud configuration with the current local FortiGate configuration by clicking Import, or merge the two configurations by clicking Merge. If you merge the configurations and there is a conflict between them (for example, an option is enabled locally on the FortiGate but disabled in FortiGate Cloud), FortiGate Cloud keeps the local FortiGate Cloud configuration for that option. You can then make any changes you want to reflect on the device and click Deploy to push the configuration to the device.

In the case that your device configuration version does not match the firmware version, FortiGate Cloud may display a Device config version does not match device firmware version message. You can click the Import button to synchronize the configurations.

FortiGate Cloud also supports CLI configuration using FortiExplorer over websocket with FortiOS 6.4.1 and later versions.

FortiGate Cloud supports configuring and deploying SD-WAN for FortiOS 5.6, 6.0, and 6.2, and SD-WAN zones for 6.4, 7.0, and 7.2.

To deploy cloud configuration to devices:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config.
  3. Before you edit any settings, click the Import button to retrieve the most up-to-date configuration from the FortiGate Cloud-connected device.
  4. On this page, you have limited access to a pared-down version of the FortiOS interface, allowing you to edit interfaces, routes, policies, and so on. Edit the FortiOS configuration as needed.
  5. When you are ready to push your updated configuration back to the device, click the Deploy button in the upper right.
  6. In the Schedule field, select the date and time to deploy the configuration to the device.
  7. Select Immediately if desired.
  8. Click Apply. You are limited to three successful configuration deployments per device for devices without a FortiGate Cloud subscription. The GUI displays the number of deployments left on the Deploy button on the Config page and in the Trials field in the Deploy Config to Device dialog. Once you reach the limit for a device, FortiGate Cloud grays out the Apply button in the Deploy Config to Device dialog and you cannot deploy the configuration.

  9. Wait for the configuration to download to the device. When it completes, a deployment log appears, showing you the changes as they appear in the CLI.
To download a deployment log:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config.
  3. Do one of the following:
    1. To download the log for the last successful deployment, beside Last Deployed: <yyyy-mm-dd hh:mm>, click Successful.
    2. To download the log for another deployment, beside Last Deployed: <yyyy-mm-dd hh:mm>, click History. Beside the desired deployment instance, click log.
  4. Click Download.

Managing FortiAP, FortiSwitch, and FortiExtender devices

You can use FortiGate Cloud to manage FortiAP, FortiSwitch, and FortiExtender devices that are connected to a FortiGate deployed to FortiGate Cloud. If these devices are already connected to the FortiGate when the FortiGate connects to FortiGate Cloud, FortiGate Cloud creates the FortiSwitch and FortiExtender profiles based on their uploaded configurations, while the FortiAP profile is predefined. If these devices are not already connected to FortiGate, you can preauthorize them by adding their serial number and selecting a predefined profile.

Managing FortiAPs

To create a managed FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. (Optional) Create an SSID by going to Management > Config > FortiAP > SSIDs. Creating an SSID is only necessary if a radio on the FortiAP profile is configured to use a manual SSID.
  3. (Optional) Create a FortiAP profile by going to Management > Config > FortiAP > FortiAP Profiles. You can also use the default profile instead of creating a new profile. To configure the SSID that you created, select Manual for SSIDs, then select the SSID from the dialog.
  4. Create the managed FortiAP:
    1. Go to Management > Config > FortiAP > Managed APs.
    2. Select Create New > Managed APs.
    3. Configure the FortiAP as desired, then click Save.
  5. The new managed FortiAP displays in Management > Config > FortiAP > Managed APs. Deploy the configuration to the FortiGates.
To configure a newly joined FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiAP > Managed APs.
  3. Select the newly joined FortiAP, then select Edit.
  4. Edit as desired, then click Save.
To authorize a managed FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiAP > Managed APs.
  3. Select the Authorize icon for the desired FortiAP.
  4. In the dialog, select YES.

Managing FortiSwitches

To create a managed FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiSwitch profile by going to Management > Config > FortiSwitch > FortiSwitch Profile, then clicking Create New.
  3. Create the managed FortiSwitch:
    1. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
    2. Select Create New.
    3. Configure the FortiSwitch as desired, then click Save.
  4. The new managed FortiSwitch displays in Management > Config > FortiSwitch > Managed FortiSwitches. Deploy the configuration to the FortiGates.
To configure a newly joined FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
  3. Select the newly joined FortiSwitch, then select Edit.
  4. Edit as desired, then click Save.
To authorize or deauthorize a managed FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
  3. Select the Authorize or Deauthorize icon for the desired FortiSwitch.
  4. In the dialog, select YES.

Managing FortiExtenders

To create a managed FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiExtender interface by going to Management > Config > Network > Interfaces, then clicking Create New > FortiExtender.
  3. Create a FortiExtender profile by going to Management > Config > FortiExtender > FortiExtender Profiles, then clicking Create New.
  4. Create the FortiExtender:
    1. Go to Management > Config > FortiExtender.
    2. Select Create New.
    3. From the FortiExtender Profiles dropdown list, select the profile that you configured in step 2. Configure other fields as desired, then click Save.
  5. The new managed FortiSwitch displays in Management > Config > FortiSwitch > Managed FortiSwitches. Deploy the configuration to the FortiGates.
To configure a newly joined FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiExtender interface by going to Management > Config > Network > Interfaces, then clicking Create New > FortiExtender.
  3. Create a FortiExtender profile by going to Management > Config > FortiExtender > FortiExtender Profiles, then clicking Create New.
  4. Go to Management > Config > FortiExtender.
  5. Select the newly joined FortiSwitch, then select Edit.
  6. From the FortiExtender Profiles dropdown list, select the profile that you configured in step 2. Edit other fields as desired, then click Save.
To edit a FortiExtender device:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiExtender > FortiExtender.
  3. For the desired device, click Edit.

  4. Edit the fields as desired, then click Save.
To authorize or deauthorize a FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiExtender > FortiExtender.
  3. Select the Authorize or Deauthorize icon for the desired FortiExtender.
  4. In the dialog, select YES.

Config

Note

Using remote access in combination with configuration save mode is a recommended alternative to the Config feature. See Remote access.

In Config, you can access a pared-down version of the remote device's management interface to configure major features as if you were accessing the device itself. For configuration option descriptions, see the FortiOS documentation.

The configuration you see in FortiGate Cloud does not autorefresh. FortiGate Cloud displays a notification if the current local FortiGate configuration differs from the latest configuration uploaded to FortiGate Cloud. You can overwrite the FortiGate Cloud configuration with the current local FortiGate configuration by clicking Import, or merge the two configurations by clicking Merge. If you merge the configurations and there is a conflict between them (for example, an option is enabled locally on the FortiGate but disabled in FortiGate Cloud), FortiGate Cloud keeps the local FortiGate Cloud configuration for that option. You can then make any changes you want to reflect on the device and click Deploy to push the configuration to the device.

In the case that your device configuration version does not match the firmware version, FortiGate Cloud may display a Device config version does not match device firmware version message. You can click the Import button to synchronize the configurations.

FortiGate Cloud also supports CLI configuration using FortiExplorer over websocket with FortiOS 6.4.1 and later versions.

FortiGate Cloud supports configuring and deploying SD-WAN for FortiOS 5.6, 6.0, and 6.2, and SD-WAN zones for 6.4, 7.0, and 7.2.

To deploy cloud configuration to devices:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config.
  3. Before you edit any settings, click the Import button to retrieve the most up-to-date configuration from the FortiGate Cloud-connected device.
  4. On this page, you have limited access to a pared-down version of the FortiOS interface, allowing you to edit interfaces, routes, policies, and so on. Edit the FortiOS configuration as needed.
  5. When you are ready to push your updated configuration back to the device, click the Deploy button in the upper right.
  6. In the Schedule field, select the date and time to deploy the configuration to the device.
  7. Select Immediately if desired.
  8. Click Apply. You are limited to three successful configuration deployments per device for devices without a FortiGate Cloud subscription. The GUI displays the number of deployments left on the Deploy button on the Config page and in the Trials field in the Deploy Config to Device dialog. Once you reach the limit for a device, FortiGate Cloud grays out the Apply button in the Deploy Config to Device dialog and you cannot deploy the configuration.

  9. Wait for the configuration to download to the device. When it completes, a deployment log appears, showing you the changes as they appear in the CLI.
To download a deployment log:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config.
  3. Do one of the following:
    1. To download the log for the last successful deployment, beside Last Deployed: <yyyy-mm-dd hh:mm>, click Successful.
    2. To download the log for another deployment, beside Last Deployed: <yyyy-mm-dd hh:mm>, click History. Beside the desired deployment instance, click log.
  4. Click Download.

Managing FortiAP, FortiSwitch, and FortiExtender devices

You can use FortiGate Cloud to manage FortiAP, FortiSwitch, and FortiExtender devices that are connected to a FortiGate deployed to FortiGate Cloud. If these devices are already connected to the FortiGate when the FortiGate connects to FortiGate Cloud, FortiGate Cloud creates the FortiSwitch and FortiExtender profiles based on their uploaded configurations, while the FortiAP profile is predefined. If these devices are not already connected to FortiGate, you can preauthorize them by adding their serial number and selecting a predefined profile.

Managing FortiAPs

To create a managed FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. (Optional) Create an SSID by going to Management > Config > FortiAP > SSIDs. Creating an SSID is only necessary if a radio on the FortiAP profile is configured to use a manual SSID.
  3. (Optional) Create a FortiAP profile by going to Management > Config > FortiAP > FortiAP Profiles. You can also use the default profile instead of creating a new profile. To configure the SSID that you created, select Manual for SSIDs, then select the SSID from the dialog.
  4. Create the managed FortiAP:
    1. Go to Management > Config > FortiAP > Managed APs.
    2. Select Create New > Managed APs.
    3. Configure the FortiAP as desired, then click Save.
  5. The new managed FortiAP displays in Management > Config > FortiAP > Managed APs. Deploy the configuration to the FortiGates.
To configure a newly joined FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiAP > Managed APs.
  3. Select the newly joined FortiAP, then select Edit.
  4. Edit as desired, then click Save.
To authorize a managed FortiAP:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiAP > Managed APs.
  3. Select the Authorize icon for the desired FortiAP.
  4. In the dialog, select YES.

Managing FortiSwitches

To create a managed FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiSwitch profile by going to Management > Config > FortiSwitch > FortiSwitch Profile, then clicking Create New.
  3. Create the managed FortiSwitch:
    1. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
    2. Select Create New.
    3. Configure the FortiSwitch as desired, then click Save.
  4. The new managed FortiSwitch displays in Management > Config > FortiSwitch > Managed FortiSwitches. Deploy the configuration to the FortiGates.
To configure a newly joined FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
  3. Select the newly joined FortiSwitch, then select Edit.
  4. Edit as desired, then click Save.
To authorize or deauthorize a managed FortiSwitch:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiSwitch > Managed FortiSwitches.
  3. Select the Authorize or Deauthorize icon for the desired FortiSwitch.
  4. In the dialog, select YES.

Managing FortiExtenders

To create a managed FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiExtender interface by going to Management > Config > Network > Interfaces, then clicking Create New > FortiExtender.
  3. Create a FortiExtender profile by going to Management > Config > FortiExtender > FortiExtender Profiles, then clicking Create New.
  4. Create the FortiExtender:
    1. Go to Management > Config > FortiExtender.
    2. Select Create New.
    3. From the FortiExtender Profiles dropdown list, select the profile that you configured in step 2. Configure other fields as desired, then click Save.
  5. The new managed FortiSwitch displays in Management > Config > FortiSwitch > Managed FortiSwitches. Deploy the configuration to the FortiGates.
To configure a newly joined FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Create a FortiExtender interface by going to Management > Config > Network > Interfaces, then clicking Create New > FortiExtender.
  3. Create a FortiExtender profile by going to Management > Config > FortiExtender > FortiExtender Profiles, then clicking Create New.
  4. Go to Management > Config > FortiExtender.
  5. Select the newly joined FortiSwitch, then select Edit.
  6. From the FortiExtender Profiles dropdown list, select the profile that you configured in step 2. Edit other fields as desired, then click Save.
To edit a FortiExtender device:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiExtender > FortiExtender.
  3. For the desired device, click Edit.

  4. Edit the fields as desired, then click Save.
To authorize or deauthorize a FortiExtender:
  1. In Assets, hover over the desired device, then click Device View.
  2. Go to Management > Config > FortiExtender > FortiExtender.
  3. Select the Authorize or Deauthorize icon for the desired FortiExtender.
  4. In the dialog, select YES.