system central-management
Use this command to configure central management for your FortiGate unit. Central management uses a remote location to back up, restore, and monitor the FortiGate unit's configuration. This can be either a FortiManager or the FortiCloud network.
History
The following table shows all added entries in FortiOS 6.0.7.
Command | Description |
---|---|
set local-cert {string} | Certificate to be used by FGFM protocol. |
Syntax
```
config system central-management
    set mode {normal | backup}   Central management mode.
            normal  Manage and configure this FortiGate from FortiManager.
            backup  Manage and configure this FortiGate locally and back up its configuration to FortiManager.
    set type {fortimanager | fortiguard | none}   Central management type.
            fortimanager  FortiManager.
            fortiguard    Central management of this FortiGate using FortiCloud.
            none          No central management.
    set schedule-config-restore {enable | disable}   Enable/disable allowing the central management server to restore the configuration of this FortiGate.
    set schedule-script-restore {enable | disable}   Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
    set allow-push-configuration {enable | disable}   Enable/disable allowing the central management server to push configuration changes to this FortiGate.
    set allow-push-firmware {enable | disable}   Enable/disable allowing the central management server to push firmware updates to this FortiGate.
    set allow-remote-firmware-upgrade {enable | disable}   Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
    set allow-monitor {enable | disable}   Enable/disable allowing the central management server to remotely monitor this FortiGate.
    set serial-number {string}   Serial number.
    set fmg {string}   IP address or FQDN of the FortiManager.
    set fmg-source-ip {ipv4 address}   IPv4 source address that this FortiGate uses when communicating with FortiManager.
    set fmg-source-ip6 {ipv6 address}   IPv6 source address that this FortiGate uses when communicating with FortiManager.
    set local-cert {string}   Certificate to be used by FGFM protocol. size[35]
    set vdom {string}   Virtual domain (VDOM) name to use when communicating with FortiManager. size[31] - datasource(s): system.vdom.name
    config server-list
        edit {id}
        # Additional servers that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
            set id {integer}   ID. range[0-4294967295]
            set server-type {update | rating}   FortiGuard service type.
                    update  AV, IPS, and AV-query update server.
                    rating  Web filter and anti-spam rating server.
            set addr-type {ipv4 | ipv6 | fqdn}   Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN.
                    ipv4  IPv4 address.
                    ipv6  IPv6 address.
                    fqdn  FQDN.
            set server-address {ipv4 address}   IPv4 address of override server.
            set server-address6 {ipv6 address}   IPv6 address of override server.
            set fqdn {string}   FQDN address of override server. size[255]
        next
    set include-default-servers {enable | disable}   Enable/disable inclusion of public FortiGuard servers in the override server list.
    set enc-algorithm {default | high | low}   Encryption strength for communications between the FortiGate and central management.
            default  High strength algorithms and these medium-strength 128-bit key length algorithms: RC4-SHA, RC4-MD5, RC4-MD.
            high     128-bit and larger key length algorithms: DHE-RSA-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, AES128-SHA.
            low      64-bit or 56-bit key length algorithms without export restrictions: EDH-RSA-DES-CBC-SHA, DES-CBC-SHA, DES-CBC-MD5.
end
```
mode {normal | backup}
Identify central management mode. Default is normal.
normal: manage and configure the connected FortiGate devices from the FortiManager GUI.
backup: back up the FortiGate configurations to the FortiManager, but configure each FortiGate locally.
type {fortiguard | fortimanager | none}
Specify the type of central management. Setting type to fortiguard in the CLI is the same as setting it to FortiCloud in the GUI. FortiCloud used to be known as the FortiGuard Analysis and Management Service network. Default is fortimanager.
schedule-config-restore {enable | disable}
Enable/disable scheduling the restoration of your FortiGate's configuration. Default is enable.
schedule-script-restore {enable | disable}
Enable/disable scheduling the restoration of your FortiGate's configuration through scripts. Default is enable.
allow-push-configuration {enable | disable}
Enable/disable configuration image push updates for your FortiGate. Default is enable.
allow-push-firmware {enable | disable}
Enable/disable push firmware. Default is enable.
allow-remote-firmware-upgrade {enable | disable}
Enable/disable remote upgrading of your FortiGate to a new firmware. Default is enable.
allow-monitor {enable | disable}
Enable/disable remote monitoring of your FortiGate unit. Default is enable.
local-cert <string>
Certificate to be used by FGFM protocol.
fmg <fmg_ipv4>
Specify the IP address or FQDN of the remote FortiManager server. Appears only when type is set to fortimanager.
fmg-source-ip <address_ipv4>
Specify the source IPv4 address to use when connecting to FortiManager. Appears only when type is set to fortimanager.
fmg-source-ip6
Specify the source IPv6 address to use when connecting to FortiManager. Appears only when type is set to fortimanager.
vdom <name_str>
Optional. Specify the name of the virtual domain (VDOM) to use when communicating with FortiManager. Default is root.
enc-algorithm {default | high | low}
Specify encryption strength for communications between the FortiGate unit and FortiManager. Default is high.
default: high- and medium-strength algorithms
high: 128-bit and larger key length algorithms
low: 64-bit or 56-bit key length algorithms without export restrictions
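The following check is an added example, not part of the FortiOS reference or any Fortinet tool: it reads the `config system central-management` block from a saved configuration and flags an `enc-algorithm` weaker than high, plus push options left enabled in backup mode. The sample text is constructed; treating absent keys as the defaults listed on this page and the backup-mode push rule are assumptions of this example.

```python
# Defaults and strength notes as given in the option descriptions on this page.
DEFAULTS = {"mode": "normal", "type": "fortimanager", "enc-algorithm": "high",
            "allow-push-configuration": "enable", "allow-push-firmware": "enable",
            "allow-remote-firmware-upgrade": "enable"}
WEAK_ENC = {"default": "also admits medium-strength algorithms",
            "low": "64-bit or 56-bit key length algorithms"}
PUSH_OPTS = [k for k in DEFAULTS if k.startswith("allow-")]
# Constructed sample of a saved configuration (not from a real device).
SAMPLE = """config system central-management
    set mode backup
    set fmg "192.0.2.10"
    set enc-algorithm low
    set allow-push-firmware disable
    config server-list
        edit 1
            set server-type update
        next
    end
end
"""

def parse_central_management(config_text):
    """Top-level 'set' values of the block; absent keys keep DEFAULTS (assumption)."""
    settings, depth = dict(DEFAULTS), 0
    for raw in config_text.splitlines():
        tokens = raw.split() or [""]  # blank line: no keyword matches below
        if depth == 0:  # outside the block: wait for its opening line
            if tokens == ["config", "system", "central-management"]:
                depth = 1
        elif tokens[0] == "config":  # nested table such as server-list
            depth += 1
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                break
        elif tokens[0] == "set" and depth == 1 and len(tokens) >= 3:
            settings[tokens[1]] = " ".join(tokens[2:]).strip('"')
    return settings

def audit(settings):
    """Review items; the backup-mode push rule is this example's policy assumption."""
    if settings["type"] == "none":
        return []
    enc, out = settings["enc-algorithm"], []
    if enc in WEAK_ENC:
        out.append(f"enc-algorithm {enc}: {WEAK_ENC[enc]}; set high")
    if settings["mode"] == "backup":
        out += [f"{o} enable although mode is backup"
                for o in PUSH_OPTS if settings[o] == "enable"]
    return out
```

Calling `audit(parse_central_management(SAMPLE))` on the constructed sample returns three review items: the low encryption strength and the two push options that remain at their enable default.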
config server-list
server-type {rating | update}
Specify the FortiGuard service type.
rating: web filter or anti-spam rating server
update: AV, IPS, or AV-query server
addr-type {ipv4 | ipv6}
Identify the override server's address type.
server-address <ipv4>
Specify the override server's IPv4 address.
server-address6 <ipv6>
Specify the override server's IPv6 address.