DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
|
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
|
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
|
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Application Delivery
FortiADC
|
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
|
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
|
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
|
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
FortiTIP Cloud
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
All Products
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
FortiGate / FortiOS
FortiManager
FortiAnalyzer
Cookbook
Getting started
Installing a FortiGate in NAT mode
Connecting network devices
Configuring interfaces
Adding a default route
(Optional) Selecting DNS servers
Creating a policy
Results
Using zones to simplify firewall policies
Creating the VLAN interfaces
Creating the zone
Creating a firewall policy for the zone
Results
Redundant Internet with SD-WAN
Connecting your ISPs to the FortiGate
Modifying existing policies
Creating the SD-WAN interface
(Optional) Configuring SD-WAN Status Check
Allowing traffic from the internal network to the SD-WAN interface
Results
Testing failover
Fortinet Security Fabric installation and audit
Configuring External
Installing Accounting and Marketing
Installing Sales
Configuring the FortiAnalyzer
Running a Security Fabric Audit
Results
(Optional) Adding security profiles to the Security Fabric
Transparent web proxy
Configuring system and network settings
Adding proxy options to your policy
Creating a proxy policy
Results
Limiting bandwidth with traffic shaping
Enable Traffic Shaping
Creating a firewall address to limit
Configuring a traffic shaper to limit bandwidth
Verifying your Internet access security policy
Creating two traffic shaping policies
Results
NGFW policy-based mode
Configuring your FortiGate for NGFW policy-based mode
Creating a Central SNAT Policy
Creating an IPv4 policy to block Facebook
Ordering the policy table
Results
Packet capture
Creating packet capture filters
Results
Traffic shaping for VoIP
Enable Traffic Shaping and VoIP features
Creating a high priority VoIP traffic shaper
Creating a low priority FTP traffic shaper
Creating a medium priority daily traffic shaper
Adding a VoIP security profile to your Internet access policy
Creating three traffic shaping policies
Results
Authentication
FortiToken Mobile Push for SSL VPN
Adding a FortiToken to the FortiAuthenticator
Adding the user to the FortiAuthenticator
Creating the RADIUS client on the FortiAuthenticator
Connecting the FortiGate to the RADIUS server
Configuring the SSL VPN
Results
SAML 2.0 FSSO with FortiAuthenticator and Centrify
Configuring DNS and FortiAuthenticator's FQDN
Enabling FSSO and SAML on the FortiAuthenticator
Adding SAML connector to Centrify for IdP metadata
Importing the IdP certificate and metadata on the FortiAuthenticator
Uploading the SP metadata to the Centrify tenant
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
SAML 2.0 FSSO with FortiAuthenticator and Google G Suite
Configuring FSSO and SAML on the FortiAuthenticator
Configuring SAML on G Suite
Importing the IdP certificate and metadata on the FortiAuthenticator
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
SAML 2.0 FSSO with FortiAuthenticator and Okta
Configuring DNS and FortiAuthenticator's FQDN
Enabling FSSO and SAML on the FortiAuthenticator
Configuring the Okta developer account IDP application
Importing the IDP certificate and metadata on the FortiAuthenticator
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
High availability
High availability with two FortiGates
Setting up registration and licensing
Configuring the primary FortiGate for HA
Connecting the backup FortiGate
Configuring the backup FortiGate for HA
Viewing the status of the HA cluster
Results
(Optional) Upgrading the firmware for the HA cluster
High availability with FGCP (expert)
Configuring the primary FortiGate
Configuring the backup FortiGate
Connecting the primary and backup FortiGates
Checking cluster operation
Disabling override (recommended)
Results
FGCP Virtual Clustering with two FortiGates (expert)
Preparing the FortiGates
Configuring clustering
Connecting and verifying cluster operation
Adding VDOMs and setting up virtual clustering
Checking virtual cluster operation
Results
FGCP Virtual Clustering with four FortiGates (expert)
Preparing the FortiGates
Configuring clustering
Connecting and verifying cluster operation
Adding VDOMs and setting up virtual clustering
Checking virtual cluster operation
Results
FGCP high availability troubleshooting
Before you set up a cluster
Troubleshooting licensing
Troubleshooting hardware revisions
Troubleshooting the initial cluster configuration
Verifying the cluster configuration from the GUI
Troubleshooting the cluster configuration from the GUI
Verifying the cluster configuration from the CLI
Troubleshooting the cluster configuration from the CLI
More troubleshooting information
Using FGSP to load balance access to two active-active data centers
Configuring the first FortiGate (Peer-1)
Configuring the second FortiGate (Peer-2)
Configuring the third FortiGate (Peer-3)
Configuring the fourth FortiGate (Peer-4)
Synchronizing TCP sessions
Synchronizing UDP and ICMP sessions
Synchronizing VoIP sessions
Security profiles
Blocking Facebook
Enabling Web Filtering and Application Control
Edit the default Web Filter profile
Edit the default Application Control profile
Creating the security policy
Results
FortiManager in the Fortinet Security Fabric
Connecting FortiManager and Edge
Configuring central management on Edge
Allowing FortiManager to have Internet access
Results
FortiSandbox in the Fortinet Security Fabric
Checking the Security Rating
Connecting FortiSandbox and Edge
Allowing VM Internet access
Adding FortiSandbox to Security Fabric
Adding sandbox inspection to security profiles
Results
Exempting Google from SSL inspection
Using the default deep-inspection profile
Creating an SSL/SSH profile that exempts Google
Results
Transparent web filtering using a virtual wire pair
Configure the management interface
Configure the virtual wire pair
Configure the virtual wire pair policy and enable web filtering
Results
Preventing certificate warnings (CA-signed certificate)
Using a CA-signed certificate
Generating a CSR on a FortiGate
Getting the certificate signed by a CA
Importing the signed certificate to your FortiGate
Editing the SSL inspection profile
Importing the certificate into web browsers
Results
Preventing certificate warnings (default certificate)
Using the default certificate
Generating a unique certificate
Downloading the certificate
Importing the certificate into web browsers
Results
Preventing certificate warnings (self-signed)
Creating a certificate with OpenSSL
Importing the self-signed certificate
Editing the SSL inspection profile
Importing the certificate into web browsers
Results
Why you should use SSL inspection
VPNs
Fortinet Security Fabric over IPsec VPN
Configuring the tunnel interfaces
Adding the tunnel interfaces to the VPN
Adding Branch to the Security Fabric
Allowing Branch to access the FortiAnalyzer
Results
(Optional) Using local logging for Branch
IPsec VPN with FortiClient
Creating a user group for remote users
Adding a firewall address
Configuring the IPsec VPN
Creating a security policy
Configuring FortiClient
Results
IPsec VPN to Azure
Site-to-site IPsec VPN with certificate authentication
Enabling certificate management
Obtaining the necessary certificates
Installing the client certificates
Installing the CA certificates
Configuring the IPsec VPN on HQ
Configuring the IPsec VPN on Branch
Results
Site-to-site IPsec VPN with two FortiGates
Configuring IPsec VPN on HQ
Configuring IPsec VPN on Branch
Results
Multicast IPsec VPN without PIM
Configuring the HQ IPsec VPN
Configuring the Branch IPsec VPN
Configuring the HQ multicast policy and phase 2 settings
Configuring the Branch multicast policy and phase 2 settings
Results
SSL VPN using web and tunnel mode
Editing the SSL VPN portal
Configuring the SSL VPN tunnel
Adding security policies
Verifying remote user OS and software
Results
Configuring ADVPN
Configuring the Hub FortiGate
Configuring the Spoke FortiGates
Results
Client-Side SD-WAN with IPsec VPN Deployment Scenario (Expert)
Configuring the data center FortiGates
Creating the data center side of the IPsec VPN
Adding addresses to the tunnel interfaces
Implementing route discovery with BGP
Controlling access to data center networks
Pointing to branch offices with black hole routes
Configuring Branch FortiGate
Creating the branch side of the IPsec VPN
Adding IP addresses to the tunnel interfaces
Implementing route discovery with BGP
Setting up the load balancing SD-WAN configuration
Controlling access from branch networks
Brainpool curves in IKEv2 IPsec VPN
Creating the HQ tunnel
Customizing the HQ tunnel
Creating and customizing the Remote Office tunnel
Results
WiFi
Setting up WiFi with a FortiAP
Connecting and authorizing the FortiAP unit
Creating an SSID
Creating a custom FAP profile
Allowing wireless access to the Internet
Results
Setting up a WiFi Bridge with a FortiAP
Connecting and authorizing the FortiAP unit
Creating an SSID
Creating a custom FortiAP profile
Results
Filtering WiFi clients by MAC address
Acquiring the MAC address
Creating the FortiAP interfaces
Defining a device using its MAC address
Creating the new SSID
Managing the FortiAP
Authorizing the managed FortiAP
Editing the default FortiAP profile
Allowing wireless access to the Internet
Results
Dual-band SSID with optional client load balancing
Configuring the dual-band SSID
Results
(Optional) Adding client load balancing
Monitoring and suppressing rogue APs
Configuring rogue scanning
Monitoring rogue APs
Suppressing rogue APs
Reverting a suppressed AP
Exempting an AP from rogue scanning
FortiConnect guest on-boarding using RSSO
Registering the WLC as a RADIUS client on the FortiConnect
Registering the FortiGate as a RADIUS accounting server on the FortiConnect
Validating the WLC configuration created from FortiConnect
Creating a security profile on the WLC
Creating the wireless ESS profile on the WLC
Enabling RADIUS accounting listening on the FortiGate
Configuring the RSSO Agent on the FortiGate
Results
FortiConnect as a RADIUS server in FortiCloud
Configuring FortiCloud to access FortiConnect
Configuring FortiCloud as a RADIUS client on FortiConnect
Configuring FortiConnect as a RADIUS server on FortiCloud
Creating a new SSID on FortiCloud
Results
Replacing the Fortinet_Wifi certificate
Change Log
Home
FortiGate / FortiOS 5.6.0
Cookbook
5.6.0
6.2.0
6.0.0
5.6.0
5.4.0
Importing the signed certificate to your FortiGate
Importing the signed certificate to your FortiGate
On FortiGate, go to
System > Certificates
and select
Import > Local Certificate
.
Browse to the certificate file and select
OK
.
The certificate has a
Status
of
OK
.
Previous
Next
Importing the signed certificate to your FortiGate
Importing the signed certificate to your FortiGate
On FortiGate, go to
System > Certificates
and select
Import > Local Certificate
.
Browse to the certificate file and select
OK
.
The certificate has a
Status
of
OK
.
Previous
Next
Home
Products
Summary
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By Solution
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By 4D Pillars
Secure SD-WAN
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Application Delivery
FortiADC
FortiGSLB
Secure Access Service Edge(SASE)
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
ZTNA
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
LAN Edge
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity and Access Management
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application Firewall
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
By Cloud
Public Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
Private Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
FortiCloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Best Practices
4D Resources
Define, Design, Deploy, Demo
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Solution Hubs
Curated Links by Solution
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
Hardware Guides
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Products A-Z
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Getting started
Installing a FortiGate in NAT mode
Connecting network devices
Configuring interfaces
Adding a default route
(Optional) Selecting DNS servers
Creating a policy
Results
Using zones to simplify firewall policies
Creating the VLAN interfaces
Creating the zone
Creating a firewall policy for the zone
Results
Redundant Internet with SD-WAN
Connecting your ISPs to the FortiGate
Modifying existing policies
Creating the SD-WAN interface
(Optional) Configuring SD-WAN Status Check
Allowing traffic from the internal network to the SD-WAN interface
Results
Testing failover
Fortinet Security Fabric installation and audit
Configuring External
Installing Accounting and Marketing
Installing Sales
Configuring the FortiAnalyzer
Running a Security Fabric Audit
Results
(Optional) Adding security profiles to the Security Fabric
Transparent web proxy
Configuring system and network settings
Adding proxy options to your policy
Creating a proxy policy
Results
Limiting bandwidth with traffic shaping
Enable Traffic Shaping
Creating a firewall address to limit
Configuring a traffic shaper to limit bandwidth
Verifying your Internet access security policy
Creating two traffic shaping policies
Results
NGFW policy-based mode
Configuring your FortiGate for NGFW policy-based mode
Creating a Central SNAT Policy
Creating an IPv4 policy to block Facebook
Ordering the policy table
Results
Packet capture
Creating packet capture filters
Results
Traffic shaping for VoIP
Enable Traffic Shaping and VoIP features
Creating a high priority VoIP traffic shaper
Creating a low priority FTP traffic shaper
Creating a medium priority daily traffic shaper
Adding a VoIP security profile to your Internet access policy
Creating three traffic shaping policies
Results
Authentication
FortiToken Mobile Push for SSL VPN
Adding a FortiToken to the FortiAuthenticator
Adding the user to the FortiAuthenticator
Creating the RADIUS client on the FortiAuthenticator
Connecting the FortiGate to the RADIUS server
Configuring the SSL VPN
Results
SAML 2.0 FSSO with FortiAuthenticator and Centrify
Configuring DNS and FortiAuthenticator's FQDN
Enabling FSSO and SAML on the FortiAuthenticator
Adding SAML connector to Centrify for IdP metadata
Importing the IdP certificate and metadata on the FortiAuthenticator
Uploading the SP metadata to the Centrify tenant
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
SAML 2.0 FSSO with FortiAuthenticator and Google G Suite
Configuring FSSO and SAML on the FortiAuthenticator
Configuring SAML on G Suite
Importing the IdP certificate and metadata on the FortiAuthenticator
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
SAML 2.0 FSSO with FortiAuthenticator and Okta
Configuring DNS and FortiAuthenticator's FQDN
Enabling FSSO and SAML on the FortiAuthenticator
Configuring the Okta developer account IDP application
Importing the IDP certificate and metadata on the FortiAuthenticator
Configuring FSSO on the FortiGate
Configuring Captive Portal and security policies
Results
High availability
High availability with two FortiGates
Setting up registration and licensing
Configuring the primary FortiGate for HA
Connecting the backup FortiGate
Configuring the backup FortiGate for HA
Viewing the status of the HA cluster
Results
(Optional) Upgrading the firmware for the HA cluster
High availability with FGCP (expert)
Configuring the primary FortiGate
Configuring the backup FortiGate
Connecting the primary and backup FortiGates
Checking cluster operation
Disabling override (recommended)
Results
FGCP Virtual Clustering with two FortiGates (expert)
Preparing the FortiGates
Configuring clustering
Connecting and verifying cluster operation
Adding VDOMs and setting up virtual clustering
Checking virtual cluster operation
Results
FGCP Virtual Clustering with four FortiGates (expert)
Preparing the FortiGates
Configuring clustering
Connecting and verifying cluster operation
Adding VDOMs and setting up virtual clustering
Checking virtual cluster operation
Results
FGCP high availability troubleshooting
Before you set up a cluster
Troubleshooting licensing
Troubleshooting hardware revisions
Troubleshooting the initial cluster configuration
Verifying the cluster configuration from the GUI
Troubleshooting the cluster configuration from the GUI
Verifying the cluster configuration from the CLI
Troubleshooting the cluster configuration from the CLI
More troubleshooting information
Using FGSP to load balance access to two active-active data centers
Configuring the first FortiGate (Peer-1)
Configuring the second FortiGate (Peer-2)
Configuring the third FortiGate (Peer-3)
Configuring the fourth FortiGate (Peer-4)
Synchronizing TCP sessions
Synchronizing UDP and ICMP sessions
Synchronizing VoIP sessions
Security profiles
Blocking Facebook
Enabling Web Filtering and Application Control
Edit the default Web Filter profile
Edit the default Application Control profile
Creating the security policy
Results
FortiManager in the Fortinet Security Fabric
Connecting FortiManager and Edge
Configuring central management on Edge
Allowing FortiManager to have Internet access
Results
FortiSandbox in the Fortinet Security Fabric
Checking the Security Rating
Connecting FortiSandbox and Edge
Allowing VM Internet access
Adding FortiSandbox to Security Fabric
Adding sandbox inspection to security profiles
Results
Exempting Google from SSL inspection
Using the default deep-inspection profile
Creating an SSL/SSH profile that exempts Google
Results
Transparent web filtering using a virtual wire pair
Configure the management interface
Configure the virtual wire pair
Configure the virtual wire pair policy and enable web filtering
Results
Preventing certificate warnings (CA-signed certificate)
Using a CA-signed certificate
Generating a CSR on a FortiGate
Getting the certificate signed by a CA
Importing the signed certificate to your FortiGate
Editing the SSL inspection profile
Importing the certificate into web browsers
Results
Preventing certificate warnings (default certificate)
Using the default certificate
Generating a unique certificate
Downloading the certificate
Importing the certificate into web browsers
Results
Preventing certificate warnings (self-signed)
Creating a certificate with OpenSSL
Importing the self-signed certificate
Editing the SSL inspection profile
Importing the certificate into web browsers
Results
Why you should use SSL inspection
VPNs
Fortinet Security Fabric over IPsec VPN
Configuring the tunnel interfaces
Adding the tunnel interfaces to the VPN
Adding Branch to the Security Fabric
Allowing Branch to access the FortiAnalyzer
Results
(Optional) Using local logging for Branch
IPsec VPN with FortiClient
Creating a user group for remote users
Adding a firewall address
Configuring the IPsec VPN
Creating a security policy
Configuring FortiClient
Results
IPsec VPN to Azure
Site-to-site IPsec VPN with certificate authentication
Enabling certificate management
Obtaining the necessary certificates
Installing the client certificates
Installing the CA certificates
Configuring the IPsec VPN on HQ
Configuring the IPsec VPN on Branch
Results
Site-to-site IPsec VPN with two FortiGates
Configuring IPsec VPN on HQ
Configuring IPsec VPN on Branch
Results
Multicast IPsec VPN without PIM
Configuring the HQ IPsec VPN
Configuring the Branch IPsec VPN
Configuring the HQ multicast policy and phase 2 settings
Configuring the Branch multicast policy and phase 2 settings
Results
SSL VPN using web and tunnel mode
Editing the SSL VPN portal
Configuring the SSL VPN tunnel
Adding security policies
Verifying remote user OS and software
Results
Configuring ADVPN
Configuring the Hub FortiGate
Configuring the Spoke FortiGates
Results
Client-Side SD-WAN with IPsec VPN Deployment Scenario (Expert)
Configuring the data center FortiGates
Creating the data center side of the IPsec VPN
Adding addresses to the tunnel interfaces
Implementing route discovery with BGP
Controlling access to data center networks
Pointing to branch offices with black hole routes
Configuring Branch FortiGate
Creating the branch side of the IPsec VPN
Adding IP addresses to the tunnel interfaces
Implementing route discovery with BGP
Setting up the load balancing SD-WAN configuration
Controlling access from branch networks
Brainpool curves in IKEv2 IPsec VPN
Creating the HQ tunnel
Customizing the HQ tunnel
Creating and customizing the Remote Office tunnel
Results
WiFi
Setting up WiFi with a FortiAP
Connecting and authorizing the FortiAP unit
Creating an SSID
Creating a custom FAP profile
Allowing wireless access to the Internet
Results
Setting up a WiFi Bridge with a FortiAP
Connecting and authorizing the FortiAP unit
Creating an SSID
Creating a custom FortiAP profile
Results
Filtering WiFi clients by MAC address
Acquiring the MAC address
Creating the FortiAP interfaces
Defining a device using its MAC address
Creating the new SSID
Managing the FortiAP
Authorizing the managed FortiAP
Editing the default FortiAP profile
Allowing wireless access to the Internet
Results
Dual-band SSID with optional client load balancing
Configuring the dual-band SSID
Results
(Optional) Adding client load balancing
Monitoring and suppressing rogue APs
Configuring rogue scanning
Monitoring rogue APs
Suppressing rogue APs
Reverting a suppressed AP
Exempting an AP from rogue scanning
FortiConnect guest on-boarding using RSSO
Registering the WLC as a RADIUS client on the FortiConnect
Registering the FortiGate as a RADIUS accounting server on the FortiConnect
Validating the WLC configuration created from FortiConnect
Creating a security profile on the WLC
Creating the wireless ESS profile on the WLC
Enabling RADIUS accounting listening on the FortiGate
Configuring the RSSO Agent on the FortiGate
Results
FortiConnect as a RADIUS server in FortiCloud
Configuring FortiCloud to access FortiConnect
Configuring FortiCloud as a RADIUS client on FortiConnect
Configuring FortiConnect as a RADIUS server on FortiCloud
Creating a new SSID on FortiCloud
Results
Replacing the Fortinet_Wifi certificate
Change Log
