Fortinet white logo
Fortinet white logo

CLI Reference

system central-management

Configure central management.

  config system central-management
      Description: Configure central management.
      set mode [normal|backup]
      set type [fortimanager|fortiguard|...]
      set schedule-config-restore [enable|disable]
      set schedule-script-restore [enable|disable]
      set allow-push-configuration [enable|disable]
      set allow-push-firmware [enable|disable]
      set allow-remote-firmware-upgrade [enable|disable]
      set allow-monitor [enable|disable]
      set serial-number {user}
      set fmg {user}
      set fmg-source-ip {ipv4-address}
      set fmg-source-ip6 {ipv6-address}
      set local-cert {string}
      set ca-cert {user}
      set vdom {string}
      config server-list
          Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
          edit <id>
              set server-type {option1}, {option2}, ...
              set addr-type [ipv4|ipv6|...]
              set server-address {ipv4-address}
              set server-address6 {ipv6-address}
              set fqdn {string}
          next
      end
      set fmg-update-port [8890|443]
      set include-default-servers [enable|disable]
      set enc-algorithm [default|high|...]
  end

config system central-management

Parameter Name Description Type Size
mode Central management mode.
normal: Manage and configure this FortiGate from FortiManager.
backup: Manage and configure this FortiGate locally and back up its configuration to FortiManager.
option -
type Central management type.
fortimanager: FortiManager.
fortiguard: Central management of this FortiGate using FortiCloud.
none: No central management.
option -
schedule-config-restore Enable/disable allowing the central management server to restore the configuration of this FortiGate.
enable: Enable scheduled configuration restore.
disable: Disable scheduled configuration restore.
option -
schedule-script-restore Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
enable: Enable scheduled script restore.
disable: Disable scheduled script restore.
option -
allow-push-configuration Enable/disable allowing the central management server to push configuration changes to this FortiGate.
enable: Enable push configuration.
disable: Disable push configuration.
option -
allow-push-firmware Enable/disable allowing the central management server to push firmware updates to this FortiGate.
enable: Enable push firmware.
disable: Disable push firmware.
option -
allow-remote-firmware-upgrade Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
enable: Enable remote firmware upgrade.
disable: Disable remote firmware upgrade.
option -
allow-monitor Enable/disable allowing the central management server to remotely monitor this FortiGate
enable: Enable remote monitoring of device.
disable: Disable remote monitoring of device.
option -
serial-number Serial number. user Not Specified
fmg IP address or FQDN of the FortiManager. user Not Specified
fmg-source-ip IPv4 source address that this FortiGate uses when communicating with FortiManager. ipv4-address Not Specified
fmg-source-ip6 IPv6 source address that this FortiGate uses when communicating with FortiManager. ipv6-address Not Specified
local-cert Certificate to be used by FGFM protocol. string Maximum length: 35
ca-cert CA certificate to be used by FGFM protocol. user Not Specified
vdom Virtual domain (VDOM) name to use when communicating with FortiManager. string Maximum length: 31
fmg-update-port Port used to communicate with FortiManager that is acting as a FortiGuard update server.
8890: Use port 8890 to communicate with FortiManager that is acting as a FortiGuard update server.
443: Use port 443 to communicate with FortiManager that is acting as a FortiGuard update server.
option -
include-default-servers Enable/disable inclusion of public FortiGuard servers in the override server list.
enable: Enable inclusion of public FortiGuard servers in the override server list.
disable: Disable inclusion of public FortiGuard servers in the override server list.
option -
enc-algorithm Encryption strength for communications between the FortiGate and central management.
default: High strength algorithms and these medium-strength 128-bit key length algorithms: RC4-SHA, RC4-MD5, RC4-MD.
high: 128-bit and larger key length algorithms: DHE-RSA-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, AES128-SHA.
low: 64-bit or 56-bit key length algorithms without export restrictions: EDH-RSA-DES-CDBC-SHA, DES-CBC-SHA, DES-CBC-MD5.
option -
Parameter Name Description Type Size
server-type FortiGuard service type.
update: AV, IPS, and AV-query update server.
rating: Web filter and anti-spam rating server.
option -
addr-type Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN.
ipv4: IPv4 address.
ipv6: IPv6 address.
fqdn: FQDN.
option -
server-address IPv4 address of override server. ipv4-address Not Specified
server-address6 IPv6 address of override server. ipv6-address Not Specified
fqdn FQDN address of override server. string Maximum length: 255

system central-management

Configure central management.

  config system central-management
      Description: Configure central management.
      set mode [normal|backup]
      set type [fortimanager|fortiguard|...]
      set schedule-config-restore [enable|disable]
      set schedule-script-restore [enable|disable]
      set allow-push-configuration [enable|disable]
      set allow-push-firmware [enable|disable]
      set allow-remote-firmware-upgrade [enable|disable]
      set allow-monitor [enable|disable]
      set serial-number {user}
      set fmg {user}
      set fmg-source-ip {ipv4-address}
      set fmg-source-ip6 {ipv6-address}
      set local-cert {string}
      set ca-cert {user}
      set vdom {string}
      config server-list
          Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
          edit <id>
              set server-type {option1}, {option2}, ...
              set addr-type [ipv4|ipv6|...]
              set server-address {ipv4-address}
              set server-address6 {ipv6-address}
              set fqdn {string}
          next
      end
      set fmg-update-port [8890|443]
      set include-default-servers [enable|disable]
      set enc-algorithm [default|high|...]
  end

config system central-management

Parameter Name Description Type Size
mode Central management mode.
normal: Manage and configure this FortiGate from FortiManager.
backup: Manage and configure this FortiGate locally and back up its configuration to FortiManager.
option -
type Central management type.
fortimanager: FortiManager.
fortiguard: Central management of this FortiGate using FortiCloud.
none: No central management.
option -
schedule-config-restore Enable/disable allowing the central management server to restore the configuration of this FortiGate.
enable: Enable scheduled configuration restore.
disable: Disable scheduled configuration restore.
option -
schedule-script-restore Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
enable: Enable scheduled script restore.
disable: Disable scheduled script restore.
option -
allow-push-configuration Enable/disable allowing the central management server to push configuration changes to this FortiGate.
enable: Enable push configuration.
disable: Disable push configuration.
option -
allow-push-firmware Enable/disable allowing the central management server to push firmware updates to this FortiGate.
enable: Enable push firmware.
disable: Disable push firmware.
option -
allow-remote-firmware-upgrade Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
enable: Enable remote firmware upgrade.
disable: Disable remote firmware upgrade.
option -
allow-monitor Enable/disable allowing the central management server to remotely monitor this FortiGate
enable: Enable remote monitoring of device.
disable: Disable remote monitoring of device.
option -
serial-number Serial number. user Not Specified
fmg IP address or FQDN of the FortiManager. user Not Specified
fmg-source-ip IPv4 source address that this FortiGate uses when communicating with FortiManager. ipv4-address Not Specified
fmg-source-ip6 IPv6 source address that this FortiGate uses when communicating with FortiManager. ipv6-address Not Specified
local-cert Certificate to be used by FGFM protocol. string Maximum length: 35
ca-cert CA certificate to be used by FGFM protocol. user Not Specified
vdom Virtual domain (VDOM) name to use when communicating with FortiManager. string Maximum length: 31
fmg-update-port Port used to communicate with FortiManager that is acting as a FortiGuard update server.
8890: Use port 8890 to communicate with FortiManager that is acting as a FortiGuard update server.
443: Use port 443 to communicate with FortiManager that is acting as a FortiGuard update server.
option -
include-default-servers Enable/disable inclusion of public FortiGuard servers in the override server list.
enable: Enable inclusion of public FortiGuard servers in the override server list.
disable: Disable inclusion of public FortiGuard servers in the override server list.
option -
enc-algorithm Encryption strength for communications between the FortiGate and central management.
default: High strength algorithms and these medium-strength 128-bit key length algorithms: RC4-SHA, RC4-MD5, RC4-MD.
high: 128-bit and larger key length algorithms: DHE-RSA-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, AES128-SHA.
low: 64-bit or 56-bit key length algorithms without export restrictions: EDH-RSA-DES-CDBC-SHA, DES-CBC-SHA, DES-CBC-MD5.
option -
Parameter Name Description Type Size
server-type FortiGuard service type.
update: AV, IPS, and AV-query update server.
rating: Web filter and anti-spam rating server.
option -
addr-type Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN.
ipv4: IPv4 address.
ipv6: IPv6 address.
fqdn: FQDN.
option -
server-address IPv4 address of override server. ipv4-address Not Specified
server-address6 IPv6 address of override server. ipv6-address Not Specified
fqdn FQDN address of override server. string Maximum length: 255