When a FortiManager device is added to the Security Fabric, it automatically synchronizes with any connected downstream devices.

To add a FortiManager to the Security Fabric, configure it on the root FortiGate. The root FortiGate then pushes this configuration to downstream FortiGate devices. The FortiManager provides remote management of FortiGate devices over TCP port 541. The FortiManager must have internet access for it to join the Security Fabric.

Once configured, the FortiGate can receive antivirus and IPS updates, and allows remote management through FortiManager or the FortiGate Cloud service. The FortiGate management option must be enabled so that the FortiGate can accept management updates to its firmware and FortiGuard services.

To add a FortiManager to the Security Fabric using the CLI:

config system central-management

set type fortimanager

set fmg {<IP_address> | <FQDN_address>}


To add a FortiManager to the Security Fabric using the GUI:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
  2. For Status, click Enable.
  3. For Type, click On-Premise.

  4. Enter the IP/Domain Name of the FortiManager.
  5. Click OK.
  6. On the FortiManager,