DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Cookbook
Getting started
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
FortiExplorer for iOS
Getting started with FortiExplorer
Connecting FortiExplorer to a FortiGate via WiFi
Running a security rating
Upgrading to FortiExplorer Pro
Basic administration
Registration
Unified FortiCare and FortiGate Cloud login
FortiGate Cloud
Troubleshooting your installation
Zero touch provisioning
Zero touch provisioning with FortiDeploy
Zero touch provisioning with FortiManager
Dashboard
Dashboard CLI
Configuration backups
Fortinet Security Fabric
Components
Security Fabric device configuration
FortiGate
FortiAnalyzer
FortiSandbox
FortiManager
FortiClient EMS
FortiAP and FortiSwitch
Additional devices
Deploying Security Fabric
Using the Security Fabric
Dashboard widgets
Topology
Security rating
Topology view — consolidated risk
Fabric connectors
SDN connectors
AliCloud SDN connector
AWS SDN connector with IAM credentials
Azure Stack SDN connector
VMware ESXi SDN connector
VMware NSX-T manager SDN connector
OpenStack (Horizon) SDN connector with domain filter
OCI SDN connector
ClearPass endpoint connector via FortiManager
Cisco pxGrid fabric connector
Cisco ACI SDN connector
Nuage SDN connector
Multiple concurrent SDN connectors
Filter lookup in SDN connectors
Kubernetes (K8s) SDN connectors
Private Cloud K8s SDN connector
AWS Kubernetes (EKS) SDN connector
GCP Kubernetes (GKE) SDN connector
Azure Kubernetes (AKS) SDN connector
Oracle Kubernetes (OKE) SDN connector
SSO/Identity connectors
FortiClient EMS connector
FortiNAC endpoint connector
Fortinet single sign-on agent
Symantec endpoint connector
Poll Active Directory server
RADIUS single sign-on (RSSO) agent
Threat feeds
External Block List (Threat Feed) – Policy
External Block List (Threat Feed) - Authentication
External Block List (Threat Feed) - File Hashes
External resources for DNS filter
Automation stitches
Creating automation stitches
Chaining and delaying actions
Triggers
FortiAnalyzer event handler trigger
Actions
CLI script action
NSX Quarantine action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
Webhook action
Slack integration webhook
Execute a CLI script based on CPU and memory thresholds
Diagnostics
Security Fabric over IPsec VPN
Viewing and controlling network risks via topology view
Leveraging LLDP to simplify security fabric negotiation
Leveraging SAML to switch between Security Fabric FortiGates
FortiManager Cloud service
FortiAnalyzer Cloud service
FortiView
FortiView interface
FortiView from disk
FortiView from FortiAnalyzer
Cloud application view
FortiView Sources usability
FortiView from FortiGate Cloud
Supported views for different log sources
FortiGate Cloud-based IOC
FortiView — subnet filters
FortiView dashboards and widgets
FortiView object names
Network
Interfaces
Interface settings
Aggregation and redundancy
VLANs
Enhanced MAC VLANs
Inter-VDOM routing
Software switch
Zone
Virtual Wire Pair
Failure detection for aggregate and redundant interfaces
VLAN inside VXLAN
Virtual Wire Pair with VXLAN
DNS
Important DNS CLI commands
DNS domain list
FortiGate DNS server
DDNS
DNS latency information
DNS over TLS
DNS troubleshooting
Explicit and transparent proxies
Explicit web proxy
FTP proxy
Transparent proxy
Proxy policy addresses
Proxy policy security profiles
Explicit proxy authentication
Transparent web proxy forwarding
Multiple dynamic header count
Restricted SaaS access (Office 365, G Suite, Dropbox)
Explicit proxy and FortiSandbox Cloud
SD-WAN
Basic SD-WAN setup
Creating the SD-WAN interface
Using DHCP interface
Implicit rule
Factory default health checks
WAN path control
Performance SLA - link monitoring
Performance SLA - SLA targets
SD-WAN rules - best quality
SD-WAN rules - lowest cost (SLA)
SD-WAN rules - maximize bandwidth (SLA)
MPLS (SIP and backup) + DIA (cloud apps)
SD-WAN traffic shaping and QoS
Per-link controls for policies and SLA checks
Advanced configuration
Self-originating traffic
SDN dynamic connector addresses in SD-WAN rules
Forward error correction on VPN overlay networks
Using BGP tags with SD-WAN rules
BGP multiple path support
Controlling traffic with BGP route mapping and service rules
ADVPN and shortcut paths
DSCP matching (shaping)
Dual VPN tunnel wizard
Internet service customization
Troubleshooting SD-WAN
Tracking SD-WAN sessions
Understanding SD-WAN related logs
SD-WAN related diagnose commands
SLA logging
SLA monitoring using the REST API
SD-WAN bandwidth monitoring service
Enable dynamic connector addresses in SD-WAN policies
Configuring SD-WAN in an HA cluster using internal hardware switches
DHCP server
DHCP relay agent information option
Direct IP support for LTE/4G
LLDP reception
System
Administrators
Administrator profiles
Add a local administrator
Remote authentication for administrators
Password policy
Firmware
Downloading a firmware image
Testing a firmware version
Upgrading the firmware
Downgrading to a previous firmware version
Installing firmware from system reboot
Restoring from a USB drive
Controlled upgrade
Settings
Default administrator password
Changing the host name
Setting the system time
SHA-1 authentication support (for NTPv4)
PTPv2 (slave mode)
Configuring ports
Custom default service port range
Setting the idle timeout time
Setting the password policy
Changing the view settings
Setting the administrator password retries and lockout time
Virtual Domains
Split-task VDOM mode
Assign interfaces to a VDOM
Create per-VDOM administrators
Multi VDOM mode
Multi VDOM configuration examples
NAT mode
NAT and transparent mode
High Availability
Introduction to the FGCP cluster
Failover protection
FGSP (session synchronization) peer setup
Using standalone configuration synchronization
Troubleshoot an HA formation
Check HA sync status
Disabling stateful SCTP inspection
Upgrading FortiGates in an HA cluster
HA cluster setup examples
HA active-passive cluster setup
HA active-active cluster setup
HA virtual cluster setup
HA using a hardware switch to replace a physical switch
SNMP
Interface access
MIB files
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
Important SNMP traps
Replacement messages
Replacement message groups
FortiGuard
IPv6 FortiGuard connections
Configuring antivirus and IPS options
Manual updates
Automatic updates
Sending malware statistics to FortiGuard
Update server location
Filtering
Override FortiGuard servers
Online security tools
FortiGuard third party SSL validation and anycast support
Advanced
Configuration scripts
Workspace mode
Feature visibility
Certificates
Microsoft CA deep packet inspection
Purchase and import a signed SSL certificate
Policy and Objects
Policies
Firewall policy parameters
Profile-based NGFW vs policy-based NGFW
NGFW policy mode application default service
Policy views and policy lookup
Policy with source NAT
Static SNAT
Dynamic SNAT
Central SNAT
Policy with destination NAT
Static virtual IPs
Virtual IP with services
Virtual IPs with port forwarding
Virtual server
Policy with Internet Service
Using Internet Service in policy
Using custom Internet Service in policy
Using extension Internet Service in policy
Global IP address information database
IP reputation filtering
Internet service groups in policies
NAT64 policy and DNS64 (DNS proxy)
NAT46 policy
Multicast processing and basic Multicast policy
Local-in policies
IPv4/IPv6 access control lists
Mirroring SSL traffic in policies
Inspection mode per policy
Combined IPv4 and IPv6 policy
FortiGuard DNS filter for IPv6 policies
OSPFv3 neighbor authentication
Firewall anti-replay option per policy
Enabling advanced policy options in the GUI
Recognize anycast addresses in geo-IP blocking
Authentication policy extensions
NTLM extensions
HTTP to HTTPS redirect for load balancing
GTPv2 in policies
Use active directory objects directly in policies
FortiGate Cloud / FDN communication through an explicit proxy
Objects
Address group exclusions
MAC addressed-based policies
Dynamic policy — fabric devices
FSSO dynamic address subtype
ClearPass integration for dynamic address objects
Using wildcard FQDN addresses in firewall policies
Traffic shaping
Determining your QoS requirements
Packet rates
Interface bandwidth limit
Changing traffic shaper bandwidth unit of measurement
Shared traffic shaper
Per-IP traffic shaper
Type of Service-based prioritization and policy-based traffic shaping
Interface-based traffic shaping profile
Classifying traffic by source interface
Configuring traffic class IDs
Traffic shaping schedules
QoS assignment and rate limiting for quarantined VLANs
Weighted random early detection queuing
Security Profiles
Antivirus
Content disarm and reconstruction for antivirus
FortiGuard Outbreak Prevention for antivirus
External malware blocklist for antivirus
Checking flow antivirus statistics
CIFS support
Databases
Using FortiSandbox appliance with antivirus
Using FortiSandbox Cloud with antivirus
Web filter
URL filter
FortiGuard filter
Usage quota
Web content filter
File filter
Advanced filters 1
Advanced filters 2
External resources for web filter
Reliable web filter statistics
Flow-based web filtering
URL certificate blacklist
DNS filter
How to configure and apply a DNS filter profile
FortiGuard category-based DNS domain filtering
Botnet C&C domain blocking
DNS safe search
Local domain filter
DNS translation
Using a FortiGate as a DNS server
Troubleshooting for DNS filter
Application control
Basic category filters and overrides
Port enforcement check
Protocol enforcement
Intrusion prevention
Botnet C&C IP blocking
Email filter
Local-based filters
FortiGuard-based filters
File type-based filters
Protocols and actions
Configuring webmail filtering
Data leak prevention
Basic DLP filter types
DLP fingerprinting
DLP watermarking
VoIP solutions
General use cases
SIP message inspection and filtering
SIP pinholes
SIP over TLS
Custom SIP RTP port range support
Voice VLAN auto-assignment
ICAP
ICAP configuration example
Web application firewall
Protecting a server running web applications
Inspection modes
About inspection modes
Flow mode inspection (default mode)
Proxy mode inspection
Inspection mode feature comparison
Inspection mode differences for antivirus
Inspection mode differences for data leak prevention
Inspection mode differences for email filter
Inspection mode differences for web filter
SSL Inspection
Certificate inspection
Deep inspection
Protecting an SSL server
Ignoring the AUTH TLS command
SSH traffic file scanning
Overrides
Web rating override
Web profile override
Custom signatures
Application groups in policies
VPN
IPsec VPNs
Overlay Controller VPN (OCVPN)
Full mesh OCVPN
Hub-spoke OCVPN with ADVPN shortcut
Hub-spoke OCVPN with inter-overlay source NAT
OCVPN portal
Troubleshooting OCVPN
IPsec Tunnels
Represent multiple IPsec tunnels as a single interface
OSPF with IPsec VPN for network redundancy
GRE over IPsec
L2TP over IPsec
Policy-based IPsec tunnel
Per packet distribution and tunnel aggregation
IPsec VPN with external DHCP service
Site-to-site VPN
IPsec VPN in an HA environment
IPsec aggregate for redundancy and traffic load-balancing
Redundant hub and spoke VPN
IKEv2 IPsec site-to-site VPN to an Azure VPN gateway
IKEv2 IPsec site-to-site VPN to an AWS VPN gateway
IPsec VPN to Azure
Dialup VPN
FortiGate as dialup client
FortiClient as dialup client
iOS device as dialup client
ADVPN
ADVPN with BGP as the routing protocol
ADVPN with OSPF as the routing protocol
ADVPN with RIP as the routing protocol
IPsec VPN wizard hub-and-spoke ADVPN support
Authentication in VPN
IPsec VPN authenticating a remote FortiGate peer with a pre-shared key
IPsec VPN authenticating a remote FortiGate peer with a certificate
VXLAN over IPsec tunnel
Other VPN topics
Tunneled Internet browsing
VPN and ASIC offload
Encryption algorithms
Fragmenting IP packets before IPsec encapsulation
VPN IPsec troubleshooting
Understanding VPN related logs
IPsec related diagnose command
SSL VPN
SSL VPN best practices
SSL VPN web mode for remote user
SSL VPN tunnel mode
SSL VPN full tunnel for remote user
SSL VPN split tunnel for remote user
SSL VPN tunnel mode host check
SSL VPN multi-realm
SSL VPN authentication
SSL VPN with certificate authentication
SSL VPN with LDAP-integrated certificate authentication
SSL VPN with FortiToken mobile push authentication
SSL VPN with RADIUS on FortiAuthenticator
SSL VPN with RADIUS and FortiToken mobile push on FortiAuthenticator
SSL VPN with local user password policy
SSL VPN with RADIUS password renew on FortiAuthenticator
SSL VPN with LDAP user password renew
SSL VPN protocols
TLS 1.3 support
SMBv2 support
SSL VPN to IPsec VPN
SSL VPN troubleshooting
User & Device
Endpoint control and compliance
Per-policy disclaimer messages
Compliance
FortiSandbox Cloud region selection
FortiGate — VM unique certificate
Running a file system check automatically
FortiGuard distribution of updated Apple certificates
User Definition
User types
Removing a user
User Groups
Configuring POP3 authentication
Dynamic policies - FortiClient EMS
Guest Management
Configuring guest access
Retail environment guest access
Device Inventory
Device summary and filtering
Adding MAC-based addresses to devices
Custom Devices & Groups
Creating a custom device
Creating a custom device group
Configuring an avatar for a custom device
LDAP Servers
FSSO polling connector agent installation
Enabling Active Directory recursive search
Configuring LDAP dial-in using a member attribute
Configuring wildcard admin accounts
RADIUS Servers
Configuring RADIUS SSO authentication
RSA ACE (SecurID) servers
TACACS+ Servers
Authentication Settings
FortiTokens
Configuring FortiTokens
FortiToken Cloud
Configuring FortiToken Mobile
FortiToken maintenance
FortiToken Mobile Push
SAML
SAML SSO overview
Configuring a FortiGate as the IdP
Configuring FGT_B as an SP
Creating a new system administrator on the IdP (FGT_A)
Logging in to FGT_B using SSO
Granting permissions to new SSO administrator accounts
Logging in to FGT_B again using SSO
CLI commands for SAML SSO
SAML SSO with pre-authorized FortiGates
Manual SAML SSO configuration
Navigating between Security Fabric members with SSO
Logging in to a FortiGate SP from root FortiGate IdP
Logging in to a downstream FortiGate SP in another Security Fabric
Certificates for SAML SSO
Unique SAML attribute types
FortiGate SP changes
Configuring the maximum log in attempts and lockout period
Creating a PKI/peer user
Configuring firewall authentication
Wireless configuration
Switch Controller
FortiLink setup
FortiLink auto network configuration policy
FortiLink network sniffer extension
FortiLink MCLAG configuration
Standalone FortiGate as switch controller
Standalone FortiGate as switch controller
Multiple FortiSwitches managed via hardware/software switch
Multiple FortiSwitches in tiers via aggregate interface with redundant link enabled
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled only on distribution
HA (A-P) mode FortiGate pairs as switch controller
Multiple FortiSwitches managed via hardware/software switch
Multiple FortiSwitches in tiers via aggregate interface with redundant link enabled
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled only on distribution
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled on all tiers
Authentication and security
MAC-based 802.1X authentication
Port-based 802.1X authentication
MAC layer control - Sticky MAC and MAC Learning-limit
Quarantine
Flow and Device Detection
Data statistic
Security Fabric showing
FortiSwitch multi-tenant support
Persistent MAC learning
Split port mode (for QSFP / QSFP28)
Dynamic VLAN name assignment from RADIUS attribute
MSTI support
Netflow and IPFIX support
Log and Report
Sample logs by log type
Checking the email filter log
Supported log types to FortiAnalyzer, syslog, and FortiAnalyzer Cloud
Configuring multiple FortiAnalyzers on a multi-VDOM FortiGate
Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
Source and destination UUID logging
Troubleshooting
Log-related diagnose commands
Backing up log files or dumping log messages
SNMP OID for logs that failed to send
Monitor
Policy and route checks
WiFi client monitor
WiFi health monitor
VM
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Oracle OCI
AliCloud
Private cloud
FortiGate multiple connector support
Adding VDOMs with FortiGate v-series
Terraform: FortiOS as a provider
PF SR-IOV driver support
Change Log
Home
FortiGate / FortiOS 6.2.0
Cookbook
6.2.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
User Definition
User Definition
The following topics provide information about user definition:
User types
Previous
Next
User Definition
User Definition
The following topics provide information about user definition:
User types
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Getting started
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
FortiExplorer for iOS
Getting started with FortiExplorer
Connecting FortiExplorer to a FortiGate via WiFi
Running a security rating
Upgrading to FortiExplorer Pro
Basic administration
Registration
Unified FortiCare and FortiGate Cloud login
FortiGate Cloud
Troubleshooting your installation
Zero touch provisioning
Zero touch provisioning with FortiDeploy
Zero touch provisioning with FortiManager
Dashboard
Dashboard CLI
Configuration backups
Fortinet Security Fabric
Components
Security Fabric device configuration
FortiGate
FortiAnalyzer
FortiSandbox
FortiManager
FortiClient EMS
FortiAP and FortiSwitch
Additional devices
Deploying Security Fabric
Using the Security Fabric
Dashboard widgets
Topology
Security rating
Topology view — consolidated risk
Fabric connectors
SDN connectors
AliCloud SDN connector
AWS SDN connector with IAM credentials
Azure Stack SDN connector
VMware ESXi SDN connector
VMware NSX-T manager SDN connector
OpenStack (Horizon) SDN connector with domain filter
OCI SDN connector
ClearPass endpoint connector via FortiManager
Cisco pxGrid fabric connector
Cisco ACI SDN connector
Nuage SDN connector
Multiple concurrent SDN connectors
Filter lookup in SDN connectors
Kubernetes (K8s) SDN connectors
Private Cloud K8s SDN connector
AWS Kubernetes (EKS) SDN connector
GCP Kubernetes (GKE) SDN connector
Azure Kubernetes (AKS) SDN connector
Oracle Kubernetes (OKE) SDN connector
SSO/Identity connectors
FortiClient EMS connector
FortiNAC endpoint connector
Fortinet single sign-on agent
Symantec endpoint connector
Poll Active Directory server
RADIUS single sign-on (RSSO) agent
Threat feeds
External Block List (Threat Feed) – Policy
External Block List (Threat Feed) - Authentication
External Block List (Threat Feed) - File Hashes
External resources for DNS filter
Automation stitches
Creating automation stitches
Chaining and delaying actions
Triggers
FortiAnalyzer event handler trigger
Actions
CLI script action
NSX Quarantine action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
Webhook action
Slack integration webhook
Execute a CLI script based on CPU and memory thresholds
Diagnostics
Security Fabric over IPsec VPN
Viewing and controlling network risks via topology view
Leveraging LLDP to simplify security fabric negotiation
Leveraging SAML to switch between Security Fabric FortiGates
FortiManager Cloud service
FortiAnalyzer Cloud service
FortiView
FortiView interface
FortiView from disk
FortiView from FortiAnalyzer
Cloud application view
FortiView Sources usability
FortiView from FortiGate Cloud
Supported views for different log sources
FortiGate Cloud-based IOC
FortiView — subnet filters
FortiView dashboards and widgets
FortiView object names
Network
Interfaces
Interface settings
Aggregation and redundancy
VLANs
Enhanced MAC VLANs
Inter-VDOM routing
Software switch
Zone
Virtual Wire Pair
Failure detection for aggregate and redundant interfaces
VLAN inside VXLAN
Virtual Wire Pair with VXLAN
DNS
Important DNS CLI commands
DNS domain list
FortiGate DNS server
DDNS
DNS latency information
DNS over TLS
DNS troubleshooting
Explicit and transparent proxies
Explicit web proxy
FTP proxy
Transparent proxy
Proxy policy addresses
Proxy policy security profiles
Explicit proxy authentication
Transparent web proxy forwarding
Multiple dynamic header count
Restricted SaaS access (Office 365, G Suite, Dropbox)
Explicit proxy and FortiSandbox Cloud
SD-WAN
Basic SD-WAN setup
Creating the SD-WAN interface
Using DHCP interface
Implicit rule
Factory default health checks
WAN path control
Performance SLA - link monitoring
Performance SLA - SLA targets
SD-WAN rules - best quality
SD-WAN rules - lowest cost (SLA)
SD-WAN rules - maximize bandwidth (SLA)
MPLS (SIP and backup) + DIA (cloud apps)
SD-WAN traffic shaping and QoS
Per-link controls for policies and SLA checks
Advanced configuration
Self-originating traffic
SDN dynamic connector addresses in SD-WAN rules
Forward error correction on VPN overlay networks
Using BGP tags with SD-WAN rules
BGP multiple path support
Controlling traffic with BGP route mapping and service rules
ADVPN and shortcut paths
DSCP matching (shaping)
Dual VPN tunnel wizard
Internet service customization
Troubleshooting SD-WAN
Tracking SD-WAN sessions
Understanding SD-WAN related logs
SD-WAN related diagnose commands
SLA logging
SLA monitoring using the REST API
SD-WAN bandwidth monitoring service
Enable dynamic connector addresses in SD-WAN policies
Configuring SD-WAN in an HA cluster using internal hardware switches
DHCP server
DHCP relay agent information option
Direct IP support for LTE/4G
LLDP reception
System
Administrators
Administrator profiles
Add a local administrator
Remote authentication for administrators
Password policy
Firmware
Downloading a firmware image
Testing a firmware version
Upgrading the firmware
Downgrading to a previous firmware version
Installing firmware from system reboot
Restoring from a USB drive
Controlled upgrade
Settings
Default administrator password
Changing the host name
Setting the system time
SHA-1 authentication support (for NTPv4)
PTPv2 (slave mode)
Configuring ports
Custom default service port range
Setting the idle timeout time
Setting the password policy
Changing the view settings
Setting the administrator password retries and lockout time
Virtual Domains
Split-task VDOM mode
Assign interfaces to a VDOM
Create per-VDOM administrators
Multi VDOM mode
Multi VDOM configuration examples
NAT mode
NAT and transparent mode
High Availability
Introduction to the FGCP cluster
Failover protection
FGSP (session synchronization) peer setup
Using standalone configuration synchronization
Troubleshoot an HA formation
Check HA sync status
Disabling stateful SCTP inspection
Upgrading FortiGates in an HA cluster
HA cluster setup examples
HA active-passive cluster setup
HA active-active cluster setup
HA virtual cluster setup
HA using a hardware switch to replace a physical switch
SNMP
Interface access
MIB files
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
Important SNMP traps
Replacement messages
Replacement message groups
FortiGuard
IPv6 FortiGuard connections
Configuring antivirus and IPS options
Manual updates
Automatic updates
Sending malware statistics to FortiGuard
Update server location
Filtering
Override FortiGuard servers
Online security tools
FortiGuard third party SSL validation and anycast support
Advanced
Configuration scripts
Workspace mode
Feature visibility
Certificates
Microsoft CA deep packet inspection
Purchase and import a signed SSL certificate
Policy and Objects
Policies
Firewall policy parameters
Profile-based NGFW vs policy-based NGFW
NGFW policy mode application default service
Policy views and policy lookup
Policy with source NAT
Static SNAT
Dynamic SNAT
Central SNAT
Policy with destination NAT
Static virtual IPs
Virtual IP with services
Virtual IPs with port forwarding
Virtual server
Policy with Internet Service
Using Internet Service in policy
Using custom Internet Service in policy
Using extension Internet Service in policy
Global IP address information database
IP reputation filtering
Internet service groups in policies
NAT64 policy and DNS64 (DNS proxy)
NAT46 policy
Multicast processing and basic Multicast policy
Local-in policies
IPv4/IPv6 access control lists
Mirroring SSL traffic in policies
Inspection mode per policy
Combined IPv4 and IPv6 policy
FortiGuard DNS filter for IPv6 policies
OSPFv3 neighbor authentication
Firewall anti-replay option per policy
Enabling advanced policy options in the GUI
Recognize anycast addresses in geo-IP blocking
Authentication policy extensions
NTLM extensions
HTTP to HTTPS redirect for load balancing
GTPv2 in policies
Use active directory objects directly in policies
FortiGate Cloud / FDN communication through an explicit proxy
Objects
Address group exclusions
MAC addressed-based policies
Dynamic policy — fabric devices
FSSO dynamic address subtype
ClearPass integration for dynamic address objects
Using wildcard FQDN addresses in firewall policies
Traffic shaping
Determining your QoS requirements
Packet rates
Interface bandwidth limit
Changing traffic shaper bandwidth unit of measurement
Shared traffic shaper
Per-IP traffic shaper
Type of Service-based prioritization and policy-based traffic shaping
Interface-based traffic shaping profile
Classifying traffic by source interface
Configuring traffic class IDs
Traffic shaping schedules
QoS assignment and rate limiting for quarantined VLANs
Weighted random early detection queuing
Security Profiles
Antivirus
Content disarm and reconstruction for antivirus
FortiGuard Outbreak Prevention for antivirus
External malware blocklist for antivirus
Checking flow antivirus statistics
CIFS support
Databases
Using FortiSandbox appliance with antivirus
Using FortiSandbox Cloud with antivirus
Web filter
URL filter
FortiGuard filter
Usage quota
Web content filter
File filter
Advanced filters 1
Advanced filters 2
External resources for web filter
Reliable web filter statistics
Flow-based web filtering
URL certificate blacklist
DNS filter
How to configure and apply a DNS filter profile
FortiGuard category-based DNS domain filtering
Botnet C&C domain blocking
DNS safe search
Local domain filter
DNS translation
Using a FortiGate as a DNS server
Troubleshooting for DNS filter
Application control
Basic category filters and overrides
Port enforcement check
Protocol enforcement
Intrusion prevention
Botnet C&C IP blocking
Email filter
Local-based filters
FortiGuard-based filters
File type-based filters
Protocols and actions
Configuring webmail filtering
Data leak prevention
Basic DLP filter types
DLP fingerprinting
DLP watermarking
VoIP solutions
General use cases
SIP message inspection and filtering
SIP pinholes
SIP over TLS
Custom SIP RTP port range support
Voice VLAN auto-assignment
ICAP
ICAP configuration example
Web application firewall
Protecting a server running web applications
Inspection modes
About inspection modes
Flow mode inspection (default mode)
Proxy mode inspection
Inspection mode feature comparison
Inspection mode differences for antivirus
Inspection mode differences for data leak prevention
Inspection mode differences for email filter
Inspection mode differences for web filter
SSL Inspection
Certificate inspection
Deep inspection
Protecting an SSL server
Ignoring the AUTH TLS command
SSH traffic file scanning
Overrides
Web rating override
Web profile override
Custom signatures
Application groups in policies
VPN
IPsec VPNs
Overlay Controller VPN (OCVPN)
Full mesh OCVPN
Hub-spoke OCVPN with ADVPN shortcut
Hub-spoke OCVPN with inter-overlay source NAT
OCVPN portal
Troubleshooting OCVPN
IPsec Tunnels
Represent multiple IPsec tunnels as a single interface
OSPF with IPsec VPN for network redundancy
GRE over IPsec
L2TP over IPsec
Policy-based IPsec tunnel
Per packet distribution and tunnel aggregation
IPsec VPN with external DHCP service
Site-to-site VPN
IPsec VPN in an HA environment
IPsec aggregate for redundancy and traffic load-balancing
Redundant hub and spoke VPN
IKEv2 IPsec site-to-site VPN to an Azure VPN gateway
IKEv2 IPsec site-to-site VPN to an AWS VPN gateway
IPsec VPN to Azure
Dialup VPN
FortiGate as dialup client
FortiClient as dialup client
iOS device as dialup client
ADVPN
ADVPN with BGP as the routing protocol
ADVPN with OSPF as the routing protocol
ADVPN with RIP as the routing protocol
IPsec VPN wizard hub-and-spoke ADVPN support
Authentication in VPN
IPsec VPN authenticating a remote FortiGate peer with a pre-shared key
IPsec VPN authenticating a remote FortiGate peer with a certificate
VXLAN over IPsec tunnel
Other VPN topics
Tunneled Internet browsing
VPN and ASIC offload
Encryption algorithms
Fragmenting IP packets before IPsec encapsulation
VPN IPsec troubleshooting
Understanding VPN related logs
IPsec related diagnose command
SSL VPN
SSL VPN best practices
SSL VPN web mode for remote user
SSL VPN tunnel mode
SSL VPN full tunnel for remote user
SSL VPN split tunnel for remote user
SSL VPN tunnel mode host check
SSL VPN multi-realm
SSL VPN authentication
SSL VPN with certificate authentication
SSL VPN with LDAP-integrated certificate authentication
SSL VPN with FortiToken mobile push authentication
SSL VPN with RADIUS on FortiAuthenticator
SSL VPN with RADIUS and FortiToken mobile push on FortiAuthenticator
SSL VPN with local user password policy
SSL VPN with RADIUS password renew on FortiAuthenticator
SSL VPN with LDAP user password renew
SSL VPN protocols
TLS 1.3 support
SMBv2 support
SSL VPN to IPsec VPN
SSL VPN troubleshooting
User & Device
Endpoint control and compliance
Per-policy disclaimer messages
Compliance
FortiSandbox Cloud region selection
FortiGate — VM unique certificate
Running a file system check automatically
FortiGuard distribution of updated Apple certificates
User Definition
User types
Removing a user
User Groups
Configuring POP3 authentication
Dynamic policies - FortiClient EMS
Guest Management
Configuring guest access
Retail environment guest access
Device Inventory
Device summary and filtering
Adding MAC-based addresses to devices
Custom Devices & Groups
Creating a custom device
Creating a custom device group
Configuring an avatar for a custom device
LDAP Servers
FSSO polling connector agent installation
Enabling Active Directory recursive search
Configuring LDAP dial-in using a member attribute
Configuring wildcard admin accounts
RADIUS Servers
Configuring RADIUS SSO authentication
RSA ACE (SecurID) servers
TACACS+ Servers
Authentication Settings
FortiTokens
Configuring FortiTokens
FortiToken Cloud
Configuring FortiToken Mobile
FortiToken maintenance
FortiToken Mobile Push
SAML
SAML SSO overview
Configuring a FortiGate as the IdP
Configuring FGT_B as an SP
Creating a new system administrator on the IdP (FGT_A)
Logging in to FGT_B using SSO
Granting permissions to new SSO administrator accounts
Logging in to FGT_B again using SSO
CLI commands for SAML SSO
SAML SSO with pre-authorized FortiGates
Manual SAML SSO configuration
Navigating between Security Fabric members with SSO
Logging in to a FortiGate SP from root FortiGate IdP
Logging in to a downstream FortiGate SP in another Security Fabric
Certificates for SAML SSO
Unique SAML attribute types
FortiGate SP changes
Configuring the maximum log in attempts and lockout period
Creating a PKI/peer user
Configuring firewall authentication
Wireless configuration
Switch Controller
FortiLink setup
FortiLink auto network configuration policy
FortiLink network sniffer extension
FortiLink MCLAG configuration
Standalone FortiGate as switch controller
Standalone FortiGate as switch controller
Multiple FortiSwitches managed via hardware/software switch
Multiple FortiSwitches in tiers via aggregate interface with redundant link enabled
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled only on distribution
HA (A-P) mode FortiGate pairs as switch controller
Multiple FortiSwitches managed via hardware/software switch
Multiple FortiSwitches in tiers via aggregate interface with redundant link enabled
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled only on distribution
Multiple FortiSwitches in tiers via aggregate interface with MCLAG enabled on all tiers
Authentication and security
MAC-based 802.1X authentication
Port-based 802.1X authentication
MAC layer control - Sticky MAC and MAC Learning-limit
Quarantine
Flow and Device Detection
Data statistic
Security Fabric showing
FortiSwitch multi-tenant support
Persistent MAC learning
Split port mode (for QSFP / QSFP28)
Dynamic VLAN name assignment from RADIUS attribute
MSTI support
Netflow and IPFIX support
Log and Report
Sample logs by log type
Checking the email filter log
Supported log types to FortiAnalyzer, syslog, and FortiAnalyzer Cloud
Configuring multiple FortiAnalyzers on a multi-VDOM FortiGate
Configuring multiple FortiAnalyzers (or syslog servers) per VDOM
Source and destination UUID logging
Troubleshooting
Log-related diagnose commands
Backing up log files or dumping log messages
SNMP OID for logs that failed to send
Monitor
Policy and route checks
WiFi client monitor
WiFi health monitor
VM
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Oracle OCI
AliCloud
Private cloud
FortiGate multiple connector support
Adding VDOMs with FortiGate v-series
Terraform: FortiOS as a provider
PF SR-IOV driver support
Change Log