DOCUMENT LIBRARY
6.4.0
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
|
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
|
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
|
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Application Delivery
FortiADC
|
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
|
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
|
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
|
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
FortiTIP Cloud
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIGate
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiWeb Manager
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
All Products
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIGate
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
FortiGate / FortiOS
FortiManager
FortiAnalyzer
Administration Guide
Getting started
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
Basic administration
Basic configuration
Registration
FortiCare and FortiGate Cloud login
Transfer a device to another FortiCloud account
Configuration backups
Fortinet Developer Network access
LEDs
Troubleshooting your installation
Zero touch provisioning
Zero touch provisioning with FortiDeploy
Zero touch provisioning with FortiManager
Dashboards and widgets
Using dashboards
Viewing device dashboards in the security fabric
Creating a fabric system and license dashboard
Using widgets
Changing the default dashboard template
Monitor dashboards and widgets
Static & Dynamic Routing Monitor
DHCP monitor
IPsec monitor
SSL-VPN monitor
Firewall Users Monitor
Implement a user device store to centralize device data
WiFi Dashboard
FortiAP Status monitor
Clients by FortiAP monitor
Device inventory
Device inventory and filtering
Adding MAC-based addresses to devices
FortiView
FortiView monitors and widgets
Adding FortiView widgets
VDOMs and dashboards
FortiView interface
FortiView from disk
FortiView from FortiAnalyzer
FortiView from FortiGate Cloud
FortiView sources
FortiView Sessions
Viewing top websites and sources by category
Cloud application view
Top application: YouTube example
FortiView Top Source and Top Destination Firewall Objects widgets
Viewing session information for a compromised host
Fortinet Security Fabric
Security Fabric settings and usage
Components
Configuring the root FortiGate and downstream FortiGates
Configuring FortiAnalyzer
Configuring FortiGate Cloud
Configuring FortiAnalyzer Cloud service
Configuring FortiManager
Configuring FortiManager Cloud service
Configuring FortiSandbox
Configuring FortiClient EMS
Synchronizing FortiClient EMS tags and configurations
Configuring FortiNAC
Configuring FortiAP and FortiSwitch
Configuring FortiMail
Configuring FortiVoice
Configuring additional devices
Using the Security Fabric
Dashboard widgets
Topology
Topology view — consolidated risk
Viewing and controlling network risks via topology view
Deploying the Security Fabric
Synchronizing objects across the Security Fabric
Group address objects synchronized from FortiManager
Security Fabric over IPsec VPN
Leveraging LLDP to simplify security fabric negotiation
Configuring the Security Fabric with SAML
Configuring single-sign-on in the Security Fabric
Configuring the root FortiGate as the IdP
Configuring a downstream FortiGate as an SP
Configuring certificates for SAML SSO
Verifying the single-sign-on configuration
CLI commands for SAML SSO
SAML SSO with pre-authorized FortiGates
Navigating between Security Fabric members with SSO
Integrating FortiAnalyzer management using SAML SSO
Integrating FortiManager management using SAML SSO
Advanced option - FortiGate SP changes
Advanced option - unique SAML attribute types
Security rating
Security Fabric score
Automation stitches
Creating automation stitches
Default automation stitches
Chaining and delaying actions
Triggers
FortiAnalyzer event handler trigger
Actions
CLI script action
Quarantine via FortiNAC action
Assign VMware NSX security tag action
Assign VMware NSX-T security tag action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
Slack Notification action
Webhook action
Slack integration webhook
Microsoft Teams integration webhook
Execute a CLI script based on memory and CPU thresholds
Public and private SDN connectors
Getting started with public and private SDN connectors
AliCloud SDN connector using access key
AWS SDN connector using certificates
Azure SDN connector using service principal
Cisco ACI SDN connector using a standalone connector
ClearPass endpoint connector via FortiManager
GCP SDN connector using service account
IBM Cloud SDN connector using API keys
Kubernetes (K8s) SDN connectors
AWS Kubernetes (EKS) SDN connector using access key
Azure Kubernetes (AKS) SDN connector using client secret
GCP Kubernetes (GKE) SDN connector using service account
Oracle Kubernetes (OKE) SDN connector using certificates
Private cloud K8s SDN connector using secret token
Nuage SDN connector using server credentials
OCI SDN connector using certificates
OpenStack SDN connector using node credentials
VMware ESXi SDN connector using server credentials
VMware NSX-T Manager SDN connector using NSX-T Manager credentials
Multiple concurrent SDN connectors
Filter lookup in SDN connectors
Support for wildcard SDN connectors in filter configurations
Endpoint/Identity connectors
Fortinet single sign-on agent
Poll Active Directory server
Symantec endpoint connector
RADIUS single sign-on agent
Exchange Server connector
Threat feeds
Configuring a threat feed
FortiGuard category threat feed
IP address threat feed
Domain name threat feed
Malware hash threat feed
Troubleshooting
Viewing a summary of all connected FortiGates in a Security Fabric
Diagnosing automation stitches
Network
Interfaces
Interface settings
Aggregation and redundancy
VLANs
Enhanced MAC VLANs
Inter-VDOM routing
Software switch
Hardware switch
Zone
Virtual Wire Pair
Virtual VLAN switch
Failure detection for aggregate and redundant interfaces
VLAN inside VXLAN
Virtual Wire Pair with VXLAN
QinQ 802.1Q in 802.1ad
QinQ 802.1Q in 802.1Q
Assign a subnet with the FortiIPAM service
Interface MTU packet size
One-arm sniffer
Captive portals
DNS
Important DNS CLI commands
DNS domain list
FortiGate DNS server
DDNS
DNS latency information
DNS over TLS
DNS troubleshooting
Explicit and transparent proxies
Explicit web proxy
FTP proxy
Transparent proxy
Proxy policy addresses
Proxy policy security profiles
Explicit proxy authentication
Transparent web proxy forwarding
Upstream proxy authentication in transparent proxy mode
Multiple dynamic header count
Restricted SaaS access
Explicit proxy and FortiSandbox Cloud
Proxy chaining (web proxy forwarding servers)
Agentless NTLM authentication for web proxy
Multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers
Learn client IP addresses
DHCP servers and relays
DHCP options
IP address assignment with relay agent information option
DHCP client options
Static routing
Routing concepts
Policy routes
Equal cost multi-path
Dual internet connections
Dynamic routing
RIP
Basic RIP example
OSPF
Basic OSPF example
BGP
Basic BGP example
Route filtering with a distribution list
BGP multi-exit discriminator
Troubleshooting BGP
BFD
Multicast
Multicast routing and PIM support
Configuring multicast forwarding
FortiExtender
Adding a FortiExtender
Data plan profiles
Direct IP support for LTE/4G
LLDP reception
Virtual routing and forwarding
Implementing VRF
VRF routing support
Route leaking between VRFs
Route leaking between multiple VRFs
IBGP and EBGP support in VRF
NetFlow
NetFlow templates
sFlow
IPv6
IPv6 overview
IPv6 quick start
Neighbor discovery proxy
IPv6 address assignment
IPv6 stateless address auto-configuration (SLAAC)
DHCPv6 stateful server
SLAAC with DHCPv6 stateless server
IPv6 prefix delegation
NAT66, NAT46, NAT64, and DNS64
NAT66 policy
NAT46 policy
NAT64 policy and DNS64 (DNS proxy)
DHCPv6 relay
IPv6 tunneling
IPv6 IPsec VPN
IPv6 GRE tunnels
IPv6 Simple Network Management Protocol
Dynamic routing in IPv6
OSPFv3 and IPv6
BGP and IPv6
IPv6 configuration examples
IPv6 quick start example
Site-to-site IPv6 over IPv6 VPN example
Site-to-site IPv4 over IPv6 VPN example
Site-to-site IPv6 over IPv4 VPN example
Basic OSPFv3 example
Basic IPv6 BGP example
SD-WAN
SD-WAN overview
SD-WAN components
SD-WAN designs and architectures
SD-WAN designs principles
SD-WAN quick start
Configuring the SD-WAN interface
Adding a static route
Selecting the implicit SD-WAN algorithm
Configuring firewall policies for SD-WAN
Link monitoring and failover
Results
Configuring SD-WAN in the CLI
SD-WAN zones
Performance SLA
Link health monitor
Factory default health checks
Health check options
Link monitoring example
SLA targets example
Health check packet DSCP marker support
Interface speedtest
Monitor performance SLA
SLA monitoring using the REST API
SD-WAN rules
Implicit rule
Best quality strategy
Lowest cost (SLA) strategy
Maximize bandwidth (SLA) strategy
Minimum number of links for a rule to take effect
Use MAC addresses in SD-WAN rules and policy routes
SD-WAN traffic shaping and QoS
SDN dynamic connector addresses in SD-WAN rules
Application steering using SD-WAN rules
Static application steering with a manual strategy
Dynamic application steering with lowest cost and best quality strategies
DSCP tag-based traffic steering in SD-WAN
Configuring IPsec tunnels
Configuring SD-WAN zones
Configuring firewall policies
Configuring Performance SLA test
Configuring SD-WAN rules
Results
Advanced routing
Self-originating traffic
Using BGP tags with SD-WAN rules
BGP multiple path support
Controlling traffic with BGP route mapping and service rules
Applying BGP route-map to multiple BGP neighbors
VPN overlay
ADVPN and shortcut paths
SD-WAN monitor on ADVPN shortcuts
SD-WAN integration with OCVPN
Forward error correction on VPN overlay networks
Dual VPN tunnel wizard
Duplicate packets based on SD-WAN rules
Duplicate packets on other zone members
Advanced configuration
SD-WAN with FGCP HA
Configuring SD-WAN in an HA cluster using internal hardware switches
SD-WAN configuration portability
SD-WAN cloud on-ramp
Configuring the VPN overlay between the HQ FortiGate and cloud FortiGate-VM
Configuring the VPN overlay between the HQ FortiGate and AWS native VPN gateway
Configuring the VIP to access the remote servers
Configuring the SD-WAN to steer traffic between the overlays
Verifying the traffic
Hub and spoke SD-WAN deployment example
Datacenter configuration
Configure dial-up (dynamic) VPN
Configure VPN interfaces
Configure loopback interface
Configure BGP
Firewall policies
Configure a black hole route
Branch configuration
Configure VPN to the hub
Configure VPN interfaces
Configure BGP
Configure SD-WAN
Firewall configuration
Validation
Dynamic definition of SD-WAN routes
Adding another datacenter
Troubleshooting SD-WAN
Tracking SD-WAN sessions
Understanding SD-WAN related logs
SD-WAN related diagnose commands
SD-WAN bandwidth monitoring service
Using SNMP to monitor health check
System
Administrators
Administrator profiles
Add a local administrator
Remote authentication for administrators
Password policy
Admin profile option for diagnose access
Associating a FortiToken to an administrator account
REST API administrator
SSO administrators
Firmware
Firmware maturity levels
Firmware upgrade notifications
Downloading a firmware image
Testing a firmware version
Upgrading the firmware
Downgrading to a previous firmware version
Installing firmware from system reboot
Restoring from a USB drive
Controlled upgrade
Settings
Default administrator password
Changing the host name
Setting the system time
SHA-1 authentication support (for NTPv4)
PTPv2
Configuring ports
Custom default service port range
Setting the idle timeout time
Setting the password policy
Changing the view settings
Setting the administrator password retries and lockout time
TLS configuration
Controlling return path with auxiliary session
Email alerts
Trusted platform module support
Virtual Domains
Global and per-VDOM resources
Split-task VDOM mode
Assign interfaces to a VDOM
Create per-VDOM administrators
Multi VDOM mode
Multi VDOM configuration examples
NAT mode
NAT and transparent mode
Backing up and restoring configurations in multi VDOM mode
High Availability
FGCP
Failover protection
HA heartbeat interface
HA active-passive cluster setup
HA active-active cluster setup
HA virtual cluster setup
Check HA sync status
Out-of-band management with reserved management interfaces
In-band management
Upgrading FortiGates in an HA cluster
HA between remote sites over managed FortiSwitches
HA using a hardware switch to replace a physical switch
VDOM exceptions
Override FortiAnalyzer and syslog server settings
Routing NetFlow data over the HA management interface
Force HA failover for testing and demonstrations
Disabling stateful SCTP inspection
Querying autoscale clusters for FortiGate VM
Troubleshoot an HA formation
FGSP
FGSP basic peer setup
Synchronizing sessions between FGCP clusters
Session synchronization interfaces in FGSP
UTM inspection on asymmetric traffic in FGSP
UTM inspection on asymmetric traffic on L3
Encryption for L3 on asymmetric traffic in FGSP
Firmware upgrades in FGSP
FGSP session synchronization between different FortiGate models or firmware versions
Applying the session synchronization filter only between FGSP peers in an FGCP over FGSP topology
FGSP static site-to-site IPsec VPN setup
Using standalone configuration synchronization
VRRP
Adding IPv4 and IPv6 virtual routers to an interface
VRRP failover
VRRP groups
VRRP virtual MACs
Preempt mode
Single-domain VRRP example
Multi-domain VRRP example
SNMP
Interface access
MIB files
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
Important SNMP traps
SNMP traps and query for monitoring DHCP pool
Replacement messages
Replacement message groups
FortiGuard
IPv6 FortiGuard connections
Configuring FortiGuard updates
Configuring a proxy server for FortiGuard updates
Manual updates
Automatic updates
Sending malware statistics to FortiGuard
Update server location
Filtering
Override FortiGuard servers
Online security tools
Anycast and unicast services
Using FortiManager as a local FortiGuard server
Cloud service communication statistics
IoT detection service
FortiAP query to FortiGuard IoT service to determine device details
FDS-only ISDB package in firmware images
License expiration
Feature visibility
Certificates
Uploading a certificate using the GUI
Uploading a certificate using the CLI
Uploading a certificate using an API
Procure and import a signed SSL certificate
Microsoft CA deep packet inspection
Provision a trusted certificate with Let's Encrypt
Creating certificates with XCA
Security
BIOS-level signature and file integrity checking
Real-time file system integrity checking
Configuration scripts
Workspace mode
Custom languages
RAID
Conserve mode
Using APIs
Policy and Objects
Policies
Firewall policy parameters
Profile-based NGFW vs policy-based NGFW
NGFW policy mode application default service
Application logging in NGFW policy mode
Policy views and policy lookup
Policy with source NAT
Static SNAT
Dynamic SNAT
Central SNAT
Configuring an IPv6 SNAT policy
SNAT policies with virtual wire pairs
Policy with destination NAT
Static virtual IPs
Virtual IP with services
Virtual IPs with port forwarding
Virtual server
Configure FQDN-based VIPs
VIP groups
Local-in policies
DoS protection
Access control lists
Mirroring SSL traffic in policies
Inspection mode per policy
OSPFv3 neighbor authentication
Firewall anti-replay option per policy
Enabling advanced policy options in the GUI
Recognize anycast addresses in geo-IP blocking
Matching GeoIP by registered and physical location
Authentication policy extensions
HTTP to HTTPS redirect for load balancing
Use active directory objects directly in policies
FortiGate Cloud / FDN communication through an explicit proxy
No session timeout
MAP-E support
Address objects
Subnet
Dynamic policy — fabric devices
IP range
FQDN addresses
Using wildcard FQDN addresses in firewall policies
Geography based addresses
IPv6 geography-based addresses
Wildcard addressing
Interface subnet
Address group
Address folder
Address group exclusions
FSSO dynamic address subtype
ClearPass integration for dynamic address objects
MAC addressed-based policies
ISDB well-known MAC address list
IPv6 MAC addresses and usage in firewall policies
Protocol options
Traffic shaping
Traffic shaping policies
Traffic shaping profiles
Traffic shaping with queuing using a traffic shaping profile
Traffic shapers
Shared traffic shaper
Per-IP traffic shaper
Changing traffic shaper bandwidth unit of measurement
Multi-stage DSCP marking and class ID in traffic shapers
Global traffic prioritization
DSCP matching and DSCP marking
Examples
Interface-based traffic shaping profile
Interface-based traffic shaping with NP acceleration
QoS assignment and rate limiting for FortiSwitch quarantined VLANs
Ingress traffic shaping profile
Internet Service
Using Internet Service in policy
Using custom Internet Service in policy
Using extension Internet Service in policy
Global IP address information database
IP reputation filtering
Internet service groups in policies
Allow creation of ISDB objects with regional information
Internet service customization
Security Profiles
Inspection modes
Flow mode inspection (default mode)
Proxy mode inspection
Inspection mode feature comparison
Antivirus
Configuring an antivirus profile
Proxy mode stream-based scanning
Databases
Content disarm and reconstruction
FortiGuard outbreak prevention
External malware block list
Checking flow antivirus statistics
CIFS support
Using FortiSandbox with antivirus
Using FortiSandbox Cloud with antivirus
Web filter
URL filter
FortiGuard filter
Credential phishing prevention
Usage quota
Web content filter
Advanced filters 1
Advanced filters 2
Web filter statistics
URL certificate blocklist
DNS filter
Configuring a DNS filter profile
FortiGuard category-based DNS domain filtering
Botnet C&C domain blocking
DNS safe search
Local domain filter
DNS translation
Applying DNS filter to FortiGate DNS server
Troubleshooting for DNS filter
Application control
Configuring an application sensor
Basic category filters and overrides
Excluding signatures in application control profiles
Port enforcement check
Protocol enforcement
SSL-based application detection over decrypted traffic in a sandwich topology
Matching multiple parameters on application control signatures
Intrusion prevention
Signature-based defense
Configuring an IPS sensor
IPS configuration options
IPS signature filter options
IPS with botnet C&C IP blocking
IPS sensor for IEC 61850 MMS protocol
File filter
Supported file types
Email filter
Configuring an email filter profile
Local-based filters
FortiGuard-based filters
Third-party-based filters
Filtering order
Protocols and actions
Configuring webmail filtering
Data leak prevention
Basic DLP filter types
DLP fingerprinting
VoIP solutions
General use cases
SIP message inspection and filtering
SIP pinholes
SIP over TLS
Custom SIP RTP port range support
Voice VLAN auto-assignment
ICAP
ICAP configuration example
ICAP response filtering
Web application firewall
Protecting a server running web applications
SSL & SSH Inspection
Certificate inspection
Deep inspection
Protecting an SSL server
Handling SSL offloaded traffic from an external decryption device
SSH traffic file scanning
Redirect to WAD after handshake completion
Custom signatures
Configuring custom signatures
Blocking applications with custom signatures
Application groups in policies
Overrides
Web rating override
Using local and remote categories
Web profile override
Profile groups
VPN
IPsec VPNs
General IPsec VPN configuration
Network topologies
Phase 1 configuration
Choosing IKE version 1 and 2
Pre-shared key vs digital certificates
Using XAuth authentication
Dynamic IPsec route control
Dynamic tunnel interface creation
Phase 2 configuration
VPN security policies
Blocking unwanted IKE negotiations and ESP packets with a local-in policy
Site-to-site VPN
FortiGate-to-FortiGate
Basic site-to-site VPN with pre-shared key
Site-to-site VPN with digital certificate
Site-to-site VPN with overlapping subnets
GRE over IPsec
Policy-based IPsec tunnel
FortiGate-to-third-party
IKEv2 IPsec site-to-site VPN to an AWS VPN gateway
IPsec VPN to Azure with virtual network gateway
IPsec VPN to an Azure with virtual WAN
IPSec VPN between a FortiGate and a Cisco ASA with multiple subnets
Cisco GRE-over-IPsec VPN
Remote access
FortiGate as dialup client
FortiClient as dialup client
Add FortiToken multi-factor authentication
Add LDAP user authentication
iOS device as dialup client
IKE Mode Config clients
IPsec VPN with external DHCP service
L2TP over IPsec
Tunneled Internet browsing
Dialup IPsec VPN with certificate authentication
Aggregate and redundant VPN
Manual redundant VPN configuration
OSPF with IPsec VPN for network redundancy
IPsec VPN in an HA environment
IPsec aggregate for redundancy and traffic load-balancing
Per packet distribution and tunnel aggregation
Redundant hub and spoke VPN
Weighted round robin for IPsec aggregate tunnels
Overlay Controller VPN (OCVPN)
Full mesh OCVPN
DOCUMENT LIBRARY
6.4.0
DOCUMENT LIBRARY
6.4.0