FortiGate / FortiOS 6.0.0
Cookbook
Authentication
This section contains information about authenticating users and devices.