Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiManager Cloud service

This cloud-based SaaS management service is available through FortiManager. This service is included in the 360 Protection Bundle (per-device license) and in FortiCloud accounts with a FortiManager Cloud account level subscription (ALCI).

Configuring a per-device license

Once the FortiGate has acquired a contract named FortiManager Cloud, FortiCloud creates a cloud-based FortiManager instance under the user account. You can launch the portal for the cloud-based FortiManager from FortiCloud, and its URL starts with the User ID.

You can use a FortiGate with a contract for FortiManager Cloud to configure central management by using the FQDN of fortimanager.forticloud.com. A FortiGate-FortiManager tunnel is established between FortiGate and the FortiManager instance.

After the tunnel is established, you can execute FortiManager functions from the cloud-based FortiManager portal.

To configure FortiManager Cloud central management:
  1. In the FortiCare portal, ensure you have a product entitlement for FortiManager Cloud.
    1. Go to Asset > Information > Entitlement.
    2. Take note of your user ID number in the top-right corner.

  2. Click the FortiCloud icon in the upper-right corner.
  3. Under CLOUD MANAGEMENT, select FortiManager.

    The FortiManager portal opens. The URL incorporates the user ID for the dedicated instance.

  4. In FortiOS, enable FortiManager Cloud.
    1. Go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
    2. For Status, click Enable.
    3. For Type, click FortiManager Cloud.
    4. Click OK.
      Note

      The FortiManager Cloud button can only be selected if you have a FortiManager Cloud product entitlement.

  5. In the FortiManager Cloud instance, go to Device Manager and authorize the FortiGate. See Authorizing devices for more information.

    When using FortiGate to enable FortiManager Cloud, the FortiGate appears as an unauthorized device.

    After authorizing the FortiGate, it becomes a managed device.

    In FortiOS, the Security Fabric > Fabric Connectors page now displays green arrow in the FortiManager card because FortiManager Cloud is registered.

Configuring an account level subscription

If a FortiCloud account has a FortiManager Cloud account level subscription (ALCI), a FortiGate registered to the FortiCloud account can recognize it and enable FortiManager Cloud central management.

To configure FortiManager Cloud central management:
  1. Register the FortiGate (see Registration). If the FortiCare account has a FortiManager Cloud contract (10 device limitation), the FortiGate is allowed to enable FortiManager Cloud.
  2. Enable FortiManager Cloud:
    1. Go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
    2. For Status, click Enable.
    3. For Type, select FortiManager Cloud.
    4. Click OK.
  3. In the FortiCloud portal, click the dropdown beside your user name and select Cloud Management > FortiManager.
  4. Click the corresponding account to launch the FortiManager Cloud instance.
  5. In FortiManager Cloud, go to Device Manger > Device & Groups. The FortiGate is now listed as synchronized managed device.

Diagnostics

To verify the contract information:
# diagnose test update info contract
...
System contracts:
    ...
Account contracts:
    FMGC,Thu Dec  2 16:00:00 2021
...
To verify the FortiManager Cloud instance has launched and the FortiGate is registered:
# diagnose fdsm central-mgmt-status
Connection status: Up
Registration status: Registered

FortiManager Cloud service

This cloud-based SaaS management service is available through FortiManager. This service is included in the 360 Protection Bundle (per-device license) and in FortiCloud accounts with a FortiManager Cloud account level subscription (ALCI).

Configuring a per-device license

Once the FortiGate has acquired a contract named FortiManager Cloud, FortiCloud creates a cloud-based FortiManager instance under the user account. You can launch the portal for the cloud-based FortiManager from FortiCloud, and its URL starts with the User ID.

You can use a FortiGate with a contract for FortiManager Cloud to configure central management by using the FQDN of fortimanager.forticloud.com. A FortiGate-FortiManager tunnel is established between FortiGate and the FortiManager instance.

After the tunnel is established, you can execute FortiManager functions from the cloud-based FortiManager portal.

To configure FortiManager Cloud central management:
  1. In the FortiCare portal, ensure you have a product entitlement for FortiManager Cloud.
    1. Go to Asset > Information > Entitlement.
    2. Take note of your user ID number in the top-right corner.

  2. Click the FortiCloud icon in the upper-right corner.
  3. Under CLOUD MANAGEMENT, select FortiManager.

    The FortiManager portal opens. The URL incorporates the user ID for the dedicated instance.

  4. In FortiOS, enable FortiManager Cloud.
    1. Go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
    2. For Status, click Enable.
    3. For Type, click FortiManager Cloud.
    4. Click OK.
      Note

      The FortiManager Cloud button can only be selected if you have a FortiManager Cloud product entitlement.

  5. In the FortiManager Cloud instance, go to Device Manager and authorize the FortiGate. See Authorizing devices for more information.

    When using FortiGate to enable FortiManager Cloud, the FortiGate appears as an unauthorized device.

    After authorizing the FortiGate, it becomes a managed device.

    In FortiOS, the Security Fabric > Fabric Connectors page now displays green arrow in the FortiManager card because FortiManager Cloud is registered.

Configuring an account level subscription

If a FortiCloud account has a FortiManager Cloud account level subscription (ALCI), a FortiGate registered to the FortiCloud account can recognize it and enable FortiManager Cloud central management.

To configure FortiManager Cloud central management:
  1. Register the FortiGate (see Registration). If the FortiCare account has a FortiManager Cloud contract (10 device limitation), the FortiGate is allowed to enable FortiManager Cloud.
  2. Enable FortiManager Cloud:
    1. Go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
    2. For Status, click Enable.
    3. For Type, select FortiManager Cloud.
    4. Click OK.
  3. In the FortiCloud portal, click the dropdown beside your user name and select Cloud Management > FortiManager.
  4. Click the corresponding account to launch the FortiManager Cloud instance.
  5. In FortiManager Cloud, go to Device Manger > Device & Groups. The FortiGate is now listed as synchronized managed device.

Diagnostics

To verify the contract information:
# diagnose test update info contract
...
System contracts:
    ...
Account contracts:
    FMGC,Thu Dec  2 16:00:00 2021
...
To verify the FortiManager Cloud instance has launched and the FortiGate is registered:
# diagnose fdsm central-mgmt-status
Connection status: Up
Registration status: Registered