Managing FortiGate-VM on FortiManager

6.4.0

After deploying the FortiGate-VM, you must register it as a managed device on FortiManager. FortiManager eases management, especially when you have multiple FortiGate-VM nodes, by providing a single pane of glass and allowing you to centrally manage firewall policies.

The steps described apply to both FortiManager-VM and FortiManager physical appliances.

Newly added devices are listed in the root ADOM under Device Manager as unauthorized.

To manage FortiGate-VM on FortiManager:
  1. Log in to FortiManager and enter the root ADOM.
  2. Go to Device Manager.
  3. Under UnAuthorized Devices, select the newly installed FortiGate-VM.
  4. Click Authorize device.
  5. Select the ADOM that you want to add the device to. Adding the VM to the same ADOM as the NSX-T connector is recommended.
  6. After FortiManager authorizes the device, click the FortiGate-VM and select Import Policy.
  7. For Object Selection, select Import all objects so that FortiManager imports the virtual wire pair. Click Next.
  8. Do not modify external and internal under ADOM Interface. Click Next.
  9. You have successfully registered the FortiGate-VM as a managed device under Managed Devices. Check the configuration:
    1. Double-click the device name to show the FortiGate-VM dashboard.
    2. Under Policy Package Status, click the policy package name. FortiManager displays the Policy Packages page.
    3. Click Tools > Display Options.
    4. Ensure that Virtual Wire Pair Policy is enabled, then click OK. Virtual wire pair policy is the firewall policy package to use for the FortiGate-VM, which works as service insertion/chaining on NSX-T. The policy list in the left pane displays the IPv4 virtual wire pair policy. The right pane may be empty at this step.
