Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
Flex-VM
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
Filter Products
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAI
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiEdge
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
Filter Products
AscenLink
AV Engine
AWS Firewall Rules
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiExtender Cloud
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Administration Guide
Getting started
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
FortiExplorer for iOS
Getting started with FortiExplorer
Connecting FortiExplorer to a FortiGate via WiFi
Running a security rating
Upgrading to FortiExplorer Pro
Basic administration
Registration
FortiCare and FortiGate Cloud login
Transfer a device to another FortiCloud account
Troubleshooting your installation
Zero touch provisioning
Zero touch provisioning with FortiDeploy
Zero touch provisioning with FortiManager
Dashboards and widgets
Using dashboards
Viewing device dashboards in the security fabric
Creating a fabric system and license dashboard
Using widgets
Changing the default dashboard template
Monitor dashboards and widgets
Static & Dynamic Routing Monitor
DHCP monitor
IPSEC monitor
SSL VPN monitor
Firewall Users Monitor
Device inventory
Device inventory and filtering
Adding MAC-based addresses to devices
FortiView
FortiView monitors and widgets
Adding FortiView widgets
VDOMs and dashboards
FortiView interface
FortiView from disk
FortiView from FortiAnalyzer
FortiView from FortiGate Cloud
FortiView sources
Viewing top websites and sources by category
Cloud application view
Top application: YouTube example
FortiView Top Source and Top Destination Firewall Objects widgets
Viewing session information for a compromised host
Configuration backups
Fortinet Security Fabric
Security Fabric settings and usage
Components
Configuring the root FortiGate and downstream FortiGates
Configuring FortiAnalyzer
Configuring other Security Fabric devices
FortiGate Cloud
FortiAnalyzer Cloud service
FortiManager
FortiManager Cloud service
FortiSandbox
FortiClient EMS
Synchronizing FortiClient EMS tags and configurations
FortiNAC
FortiAP and FortiSwitch
Additional devices
Using the Security Fabric
Dashboard widgets
Topology
Topology view — consolidated risk
Viewing and controlling network risks via topology view
Deploying the Security Fabric
Synchronizing objects across the Security Fabric
Security Fabric over IPsec VPN
Leveraging LLDP to simplify security fabric negotiation
Configuring the Security Fabric with SAML
Configuring single-sign-on in the Security Fabric
Configuring the root FortiGate as the IdP
Configuring a downstream FortiGate as an SP
Configuring certificates for SAML SSO
Verifying the single-sign-on configuration
CLI commands for SAMLÂ SSO
SAML SSO with pre-authorized FortiGates
Navigating between Security Fabric members with SSO
Integrating FortiAnalyzer management using SAML SSO
Integrating FortiManager management using SAML SSO
Advanced option - FortiGate SP changes
Advanced option - unique SAML attribute types
Security rating
Security Fabric score
External connectors
SDN connectors
AliCloud SDN connector
AWS SDN connector with IAM credentials
Azure Stack SDN connector
Azure SDN connector for non-VM resources
IBM Cloud SDN connector
VMware ESXi SDNÂ connector
VMware NSX-T manager SDNÂ connector
OpenStack (Horizon)Â SDN connector with domain filter
OCI SDN connector
ClearPass endpoint connector via FortiManager
Cisco pxGrid fabric connector
Cisco ACI SDN connector
Cisco ACI SDN connector with direct connection
Nuage SDN connector
Multiple concurrent SDNÂ connectors
Filter lookup in SDN connectors
Support for wildcard SDN connectors in filter configurations
Kubernetes (K8s) SDN connectors
Private Cloud K8s SDNÂ connector
AWS Kubernetes (EKS)Â SDNÂ connector
GCP Kubernetes (GKE)Â SDNÂ connector
Azure Kubernetes (AKS)Â SDNÂ connector
Oracle Kubernetes (OKE) SDNÂ connector
Endpoint/Identity connectors
Fortinet single sign-on agent
Poll Active Directory server
Symantec endpoint connector
RADIUS single sign-on (RSSO) agent
Exchange Server connector
Threat feeds
External Block List (Threat Feed) – Policy
External Block List (Threat Feed) - Authentication
External Block List (Threat Feed)Â - File Hashes
External resources for DNS filter
Automation stitches
Creating automation stitches
Automation webhook stitches
Chaining and delaying actions
Triggers
FortiAnalyzer event handler trigger
Actions
CLI script action
Assign VMware NSX security tag action
Assign VMware NSX-T security tag action
AWS Lambda action
Azure Function action
Google Cloud Function action
AliCloud Function action
Slack notification action
Webhook action
Slack integration webhook
Microsoft Teams integration webhook
Execute a CLI script based on CPU and memory thresholds
Troubleshooting
Viewing a summary of all connected FortiGates in a Security Fabric
Diagnosing automation stitches
Network
Interfaces
Interface settings
Aggregation and redundancy
VLANs
Enhanced MAC VLANs
Inter-VDOM routing
Software switch
Zone
Virtual Wire Pair
Virtual switch support for FortiGate 300E series
Failure detection for aggregate and redundant interfaces
VLAN inside VXLAN
Virtual Wire Pair with VXLAN
Assign a subnet with the FortiIPAM service
DNS
Important DNS CLI commands
DNS domain list
FortiGate DNS server
DDNS
DNS latency information
DNS over TLS
DNS troubleshooting
Explicit and transparent proxies
Explicit web proxy
FTP proxy
Transparent proxy
Proxy policy addresses
Proxy policy security profiles
Explicit proxy authentication
Transparent web proxy forwarding
Upstream proxy authentication in transparent proxy mode
Multiple dynamic header count
Restricted SaaS access (Office 365, G Suite, Dropbox)
Explicit proxy and FortiSandbox Cloud
Proxy chaining (web proxy forwarding servers)
Agentless NTLM authentication for web proxy
DHCP server
DHCP options
IP address assignment with relay agent information option
DHCP client options
Static routes
Policy routes
RIP
OSPF
BGP
Direct IP support for LTE/4G
LLDP reception
Route leaking between VRFs
SD-WAN
SD-WAN quick start
Configuring the SD-WAN interface
Adding a static route
Selecting the implicit SD-WAN algorithm
Configuring firewall policies for SD-WAN
Link monitoring and failover
Results
Configuring SD-WAN in the CLI
SD-WAN zones
WAN path control
Performance SLA - link monitoring
Performance SLA - SLA targets
Factory default health checks
Implicit rule
SD-WAN rules - best quality
SD-WAN rules - lowest cost (SLA)
SD-WAN rules - maximize bandwidth (SLA)
Application steering using SD-WAN rules
Static application steering with a manual strategy
Dynamic application steering with lowest cost and best quality strategies
SD-WAN traffic shaping and QoS
DSCP tag-based traffic steering in SD-WAN
Configuring IPsec tunnels
Configuring SD-WAN zones
Configuring firewall policies
Configuring Performance SLA test
Configuring SD-WAN rules
Results
Advanced configuration
Self-originating traffic
SDN dynamic connector addresses in SD-WAN rules
Forward error correction on VPN overlay networks
Using BGP tags with SD-WAN rules
BGP multiple path support
Controlling traffic with BGP route mapping and service rules
Applying BGP route-map to multiple BGP neighbors
IBGP and EBGP support in VRF
ADVPN and shortcut paths
SD-WAN monitor on ADVPN shortcuts
SD-WAN integration with OCVPN
DSCP matching (shaping)
SD-WAN health check packet DSCP marker support
Dual VPN tunnel wizard
SD-WAN with FGCP HA
Dynamic connector addresses in SD-WAN policies
SD-WAN configuration portability
Interface speedtest
SD-WAN cloud on-ramp
Configuring the VPN overlay between the HQ FortiGate and cloud FortiGate-VM
Configuring the VPN overlay between the HQ FortiGate and AWS native VPN gateway
Configuring the VIP to access the remote servers
Configuring the SD-WAN to steer traffic between the overlays
Verifying the traffic
Hub and spoke SD-WAN deployment example
Datacenter configuration
Configure dial-up (dynamic) VPN
Configure VPN interfaces
Configure loopback interface
Configure BGP
Firewall policies
Configure a black hole route
Branch configuration
Configure VPN to the hub
Configure VPN interfaces
Configure BGP
Configure SD-WAN
Firewall configuration
Validation
Dynamic definition of SD-WAN routes
Adding another datacenter
Configuring SD-WAN in an HA cluster using internal hardware switches
Troubleshooting SD-WAN
Understanding SD-WAN related logs
SD-WAN related diagnose commands
SLA logging
SLA monitoring using the REST API
SD-WAN bandwidth monitoring service
System
Administrators
Administrator profiles
Add a local administrator
Remote authentication for administrators
Password policy
Admin profile option for diagnose access
Firmware
Firmware upgrade notifications
Downloading a firmware image
Testing a firmware version
Upgrading the firmware
Downgrading to a previous firmware version
Installing firmware from system reboot
Restoring from a USB drive
Controlled upgrade
Settings
Default administrator password
Changing the host name
Setting the system time
SHA-1 authentication support (for NTPv4)
PTPv2
Configuring ports
Custom default service port range
Setting the idle timeout time
Setting the password policy
Changing the view settings
Setting the administrator password retries and lockout time
Virtual Domains
Split-task VDOM mode
Assign interfaces to a VDOM
Create per-VDOM administrators
Multi VDOM mode
Multi VDOM configuration examples
NAT mode
NAT and transparent mode
High Availability
Introduction to the FGCP cluster
Failover protection
FGSP (session synchronization) peer setup
UTM inspection on asymmetric traffic in FGSP
UTM inspection on asymmetric traffic on L3
Encryption for L3 on asymmetric traffic in FGSP
Synchronizing sessions between FGCP clusters
Using standalone configuration synchronization
Troubleshoot an HA formation
Check HA sync status
Disabling stateful SCTP inspection
Upgrading FortiGates in an HA cluster
HA cluster setup examples
HA active-passive cluster setup
HA active-active cluster setup
HA virtual cluster setup
HA using a hardware switch to replace a physical switch
Routing data over the HA management interface
Override FortiAnalyzer and syslog server settings
Force HA failover for testing and demonstrations
Querying autoscale clusters for FortiGate VM
SNMP
Interface access
MIB files
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
Important SNMPÂ traps
SNMP traps and query for monitoring DHCP pool
Replacement messages
Replacement message groups
FortiGuard
IPv6 FortiGuard connections
Configuring antivirus and IPS options
Manual updates
Automatic updates
Sending malware statistics to FortiGuard
Update server location
Filtering
Override FortiGuard servers
Online security tools
FortiGuard anycast and third-party SSL validation
Using FortiManager as a local FortiGuard server
Cloud service communication statistics
IoT detection service
Feature visibility
Certificates
Microsoft CA deep packet inspection
Purchase and import a signed SSL certificate
Configuration scripts
Workspace mode
Policy and Objects