Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.6
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    system central-management

    Configure central management.

      config system central-management
      Description: Configure central management.
      set mode [normal|backup]
      set type [fortimanager|fortiguard|...]
      set schedule-config-restore [enable|disable]
      set schedule-script-restore [enable|disable]
      set allow-push-configuration [enable|disable]
      set allow-push-firmware [enable|disable]
      set allow-remote-firmware-upgrade [enable|disable]
      set allow-monitor [enable|disable]
      set serial-number {user}
      set fmg {user}
      set fmg-source-ip {ipv4-address}
      set fmg-source-ip6 {ipv6-address}
      set local-cert {string}
      set ca-cert {user}
      set vdom {string}
      config server-list
          Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
          edit <id>
              set server-type {option1}, {option2}, ...
              set addr-type [ipv4|ipv6|...]
              set server-address {ipv4-address}
              set server-address6 {ipv6-address}
              set fqdn {string}
          next
      end
      set fmg-update-port [8890|443]
      set include-default-servers [enable|disable]
      set enc-algorithm [default|high|...]
      set interface-select-method [auto|sdwan|...]
      set interface {string}
  end

    config system central-management

    Parameter Name Description Type Size
    mode Central management mode.
    normal: Manage and configure this FortiGate from FortiManager.
    backup: Manage and configure this FortiGate locally and back up its configuration to FortiManager.
    		 option -
    type Central management type.
    fortimanager: FortiManager.
    fortiguard: Central management of this FortiGate using FortiCloud.
    none: No central management.
    		 option -
    schedule-config-restore Enable/disable allowing the central management server to restore the configuration of this FortiGate.
    enable: Enable scheduled configuration restore.
    disable: Disable scheduled configuration restore.
    		 option -
    schedule-script-restore Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
    enable: Enable scheduled script restore.
    disable: Disable scheduled script restore.
    		 option -
    allow-push-configuration Enable/disable allowing the central management server to push configuration changes to this FortiGate.
    enable: Enable push configuration.
    disable: Disable push configuration.
    		 option -
    allow-push-firmware Enable/disable allowing the central management server to push firmware updates to this FortiGate.
    enable: Enable push firmware.
    disable: Disable push firmware.
    		 option -
    allow-remote-firmware-upgrade Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
    enable: Enable remote firmware upgrade.
    disable: Disable remote firmware upgrade.
    		 option -
    allow-monitor Enable/disable allowing the central management server to remotely monitor this FortiGate
    enable: Enable remote monitoring of device.
    disable: Disable remote monitoring of device.
    		 option -
    serial-number Serial number. user Not Specified
    fmg IP address or FQDN of the FortiManager. user Not Specified
    fmg-source-ip IPv4 source address that this FortiGate uses when communicating with FortiManager. ipv4-address Not Specified
    fmg-source-ip6 IPv6 source address that this FortiGate uses when communicating with FortiManager. ipv6-address Not Specified
    local-cert Certificate to be used by FGFM protocol. string Maximum length: 35
    ca-cert CA certificate to be used by FGFM protocol. user Not Specified
    vdom Virtual domain (VDOM) name to use when communicating with FortiManager. string Maximum length: 31
    fmg-update-port Port used to communicate with FortiManager that is acting as a FortiGuard update server.
    8890: Use port 8890 to communicate with FortiManager that is acting as a FortiGuard update server.
    443: Use port 443 to communicate with FortiManager that is acting as a FortiGuard update server.
    		 option -
    include-default-servers Enable/disable inclusion of public FortiGuard servers in the override server list.
    enable: Enable inclusion of public FortiGuard servers in the override server list.
    disable: Disable inclusion of public FortiGuard servers in the override server list.
    		 option -
    enc-algorithm Encryption strength for communications between the FortiGate and central management.
    default: High strength algorithms and these medium-strength 128-bit key length algorithms: RC4-SHA, RC4-MD5, RC4-MD.
    high: 128-bit and larger key length algorithms: DHE-RSA-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, AES128-SHA.
    low: 64-bit or 56-bit key length algorithms without export restrictions: EDH-RSA-DES-CDBC-SHA, DES-CBC-SHA, DES-CBC-MD5.
    		 option -
    interface-select-method Specify how to select outgoing interface to reach server.
    auto: Set outgoing interface automatically.
    sdwan: Set outgoing interface by SD-WAN or policy routing rules.
    specify: Set outgoing interface manually.
    		 option -
    interface Specify outgoing interface to reach server. string Maximum length: 15

    config server-list

    Parameter Name Description Type Size
    server-type FortiGuard service type.
    update: AV, IPS, and AV-query update server.
    rating: Web filter and anti-spam rating server.
    		 option -
    addr-type Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN.
    ipv4: IPv4 address.
    ipv6: IPv6 address.
    fqdn: FQDN.
    		 option -
    server-address IPv4 address of override server. ipv4-address Not Specified
    server-address6 IPv6 address of override server. ipv6-address Not Specified
    fqdn FQDN address of override server. string Maximum length: 255
    Previous
    Next

    system central-management

    Configure central management.

      config system central-management
      Description: Configure central management.
      set mode [normal|backup]
      set type [fortimanager|fortiguard|...]
      set schedule-config-restore [enable|disable]
      set schedule-script-restore [enable|disable]
      set allow-push-configuration [enable|disable]
      set allow-push-firmware [enable|disable]
      set allow-remote-firmware-upgrade [enable|disable]
      set allow-monitor [enable|disable]
      set serial-number {user}
      set fmg {user}
      set fmg-source-ip {ipv4-address}
      set fmg-source-ip6 {ipv6-address}
      set local-cert {string}
      set ca-cert {user}
      set vdom {string}
      config server-list
          Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
          edit <id>
              set server-type {option1}, {option2}, ...
              set addr-type [ipv4|ipv6|...]
              set server-address {ipv4-address}
              set server-address6 {ipv6-address}
              set fqdn {string}
          next
      end
      set fmg-update-port [8890|443]
      set include-default-servers [enable|disable]
      set enc-algorithm [default|high|...]
      set interface-select-method [auto|sdwan|...]
      set interface {string}
  end

    config system central-management

    Parameter Name Description Type Size
    mode Central management mode.
    normal: Manage and configure this FortiGate from FortiManager.
    backup: Manage and configure this FortiGate locally and back up its configuration to FortiManager.
    		 option -
    type Central management type.
    fortimanager: FortiManager.
    fortiguard: Central management of this FortiGate using FortiCloud.
    none: No central management.
    		 option -
    schedule-config-restore Enable/disable allowing the central management server to restore the configuration of this FortiGate.
    enable: Enable scheduled configuration restore.
    disable: Disable scheduled configuration restore.
    		 option -
    schedule-script-restore Enable/disable allowing the central management server to restore the scripts stored on this FortiGate.
    enable: Enable scheduled script restore.
    disable: Disable scheduled script restore.
    		 option -
    allow-push-configuration Enable/disable allowing the central management server to push configuration changes to this FortiGate.
    enable: Enable push configuration.
    disable: Disable push configuration.
    		 option -
    allow-push-firmware Enable/disable allowing the central management server to push firmware updates to this FortiGate.
    enable: Enable push firmware.
    disable: Disable push firmware.
    		 option -
    allow-remote-firmware-upgrade Enable/disable remotely upgrading the firmware on this FortiGate from the central management server.
    enable: Enable remote firmware upgrade.
    disable: Disable remote firmware upgrade.
    		 option -
    allow-monitor Enable/disable allowing the central management server to remotely monitor this FortiGate
    enable: Enable remote monitoring of device.
    disable: Disable remote monitoring of device.
    		 option -
    serial-number Serial number. user Not Specified
    fmg IP address or FQDN of the FortiManager. user Not Specified
    fmg-source-ip IPv4 source address that this FortiGate uses when communicating with FortiManager. ipv4-address Not Specified
    fmg-source-ip6 IPv6 source address that this FortiGate uses when communicating with FortiManager. ipv6-address Not Specified
    local-cert Certificate to be used by FGFM protocol. string Maximum length: 35
    ca-cert CA certificate to be used by FGFM protocol. user Not Specified
    vdom Virtual domain (VDOM) name to use when communicating with FortiManager. string Maximum length: 31
    fmg-update-port Port used to communicate with FortiManager that is acting as a FortiGuard update server.
    8890: Use port 8890 to communicate with FortiManager that is acting as a FortiGuard update server.
    443: Use port 443 to communicate with FortiManager that is acting as a FortiGuard update server.
    		 option -
    include-default-servers Enable/disable inclusion of public FortiGuard servers in the override server list.
    enable: Enable inclusion of public FortiGuard servers in the override server list.
    disable: Disable inclusion of public FortiGuard servers in the override server list.
    		 option -
    enc-algorithm Encryption strength for communications between the FortiGate and central management.
    default: High strength algorithms and these medium-strength 128-bit key length algorithms: RC4-SHA, RC4-MD5, RC4-MD.
    high: 128-bit and larger key length algorithms: DHE-RSA-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, AES128-SHA.
    low: 64-bit or 56-bit key length algorithms without export restrictions: EDH-RSA-DES-CDBC-SHA, DES-CBC-SHA, DES-CBC-MD5.
    		 option -
    interface-select-method Specify how to select outgoing interface to reach server.
    auto: Set outgoing interface automatically.
    sdwan: Set outgoing interface by SD-WAN or policy routing rules.
    specify: Set outgoing interface manually.
    		 option -
    interface Specify outgoing interface to reach server. string Maximum length: 15

    config server-list

    Parameter Name Description Type Size
    server-type FortiGuard service type.
    update: AV, IPS, and AV-query update server.
    rating: Web filter and anti-spam rating server.
    		 option -
    addr-type Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN.
    ipv4: IPv4 address.
    ipv6: IPv6 address.
    fqdn: FQDN.
    		 option -
    server-address IPv4 address of override server. ipv4-address Not Specified
    server-address6 IPv6 address of override server. ipv6-address Not Specified
    fqdn FQDN address of override server. string Maximum length: 255
    Previous
    Next