DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Administration Guide
Getting started
Using the GUI
Connecting using a web browser
Menus
Tables
Entering values
Text strings
Numbers
GUI-based global search
Loading artifacts from a CDN
Using the CLI
Connecting to the CLI
CLI basics
Command syntax
Subcommands
Permissions
FortiExplorer Management
Getting started with FortiExplorer
Connecting FortiExplorer to a FortiGate with WiFi
Configure FortiGate with FortiExplorer using BLE
Running a security rating
Upgrading to FortiExplorer Pro
Basic administration
Basic configuration
Registration
FortiCare and FortiGate Cloud login
Transfer a device to another FortiCloud account
Configuration backups
LEDs
Troubleshooting your installation
Dashboards and Monitors
Using dashboards
Using widgets
Viewing device dashboards in the Security Fabric
Creating a fabric system and license dashboard
Dashboards
Status dashboard
Security dashboard
Viewing session information for a compromised host
Network dashboard
Static & Dynamic Routing monitor
DHCP monitor
IPsec monitor
SSL-VPN monitor
Users & Devices
Device inventory
Device inventory and filtering
Adding MAC-based addresses to devices
Firewall Users monitor
WiFi dashboard
FortiAP Status monitor
Clients by FortiAP monitor
Monitors
FortiView monitors and widgets
Adding FortiView monitors
Using the FortiView interface
Enabling FortiView from devices
FortiView sources
FortiView Sessions
FortiView Top Source and Top Destination Firewall Objects monitors
Viewing top websites and sources by category
Cloud application view
Top application: YouTube example
Network
Interfaces
Interface settings
Aggregation and redundancy
Enhanced hashing for LAG member selection
VLANs
Enhanced MAC VLANs
Inter-VDOM routing
Software switch
Hardware switch
Zone
Virtual wire pair
PRP handling in NAT mode with virtual wire pair
Virtual VLAN switch
Failure detection for aggregate and redundant interfaces
VLAN inside VXLAN
Virtual wire pair with VXLAN
QinQ 802.1Q in 802.1ad
QinQ 802.1Q in 802.1Q
Configure IPAM locally on the FortiGate
Interface MTU packet size
One-arm sniffer
Interface migration wizard
Captive portals
DNS
Important DNS CLI commands
DNS domain list
FortiGate DNS server
DDNS
DNS latency information
DNS over TLS and HTTPS
DNS troubleshooting
Explicit and transparent proxies
Explicit web proxy
FTP proxy
Transparent proxy
Proxy policy addresses
Proxy policy security profiles
Explicit proxy authentication
Transparent web proxy forwarding
Upstream proxy authentication in transparent proxy mode
Multiple dynamic header count
Restricted SaaS access
Explicit proxy and FortiSandbox Cloud
Proxy chaining
WAN optimization SSL proxy chaining
Agentless NTLM authentication for web proxy
Multiple LDAP servers in Kerberos keytabs and agentless NTLM domain controllers
Learn client IP addresses
Explicit proxy authentication over HTTPS
mTLS client certificate authentication
CORS protocol in explicit web proxy when using session-based, cookie-enabled, and captive portal-enabled SAML authentication
DHCP server
DHCP options
IP address assignment with relay agent information option
DHCP client options
Static routing
Routing concepts
Policy routes
Equal cost multi-path
Dual internet connections
Dynamic routing
RIP
Basic RIP example
Basic RIPng example
OSPF
Basic OSPF example
BGP
Basic BGP example
Route filtering with a distribution list
Next hop recursive resolution using other BGP routes
Next hop recursive resolution using ECMP routes
BGP conditional advertisement
BGP error handling per RFC 7606
BGP next hop tag-match mode
Troubleshooting BGP
BFD
BFD for multihop path for BGP
Routing objects
Route maps
Access lists
Prefix lists
AS path lists
Community lists
Multicast
Multicast routing and PIM support
Configuring multicast forwarding
FortiExtender
Adding a FortiExtender
Direct IP support for LTE/4G
LLDP reception
Virtual routing and forwarding
Implementing VRF
VRF routing support
Route leaking between VRFs with BGP
Route leaking between multiple VRFs
VRF with IPv6
IBGP and EBGP support in VRF
Support cross-VRF local-in and local-out traffic for local services
NetFlow
NetFlow templates
NetFlow on FortiExtender and tunnel interfaces
sFlow
Link monitor
Link monitor with route updates
Enable or disable updating policy routes when link health monitor fails
Add weight setting on each link health monitor server
IPv6
IPv6 tunneling
IPv6 tunnel inherits MTU based on physical interface
SD-WAN
SD-WAN overview
SD-WAN components and design principles
SD-WAN designs and architectures
SD-WAN quick start
Configuring the SD-WAN interface
Adding a static route
Selecting the implicit SD-WAN algorithm
Configuring firewall policies for SD-WAN
Link monitoring and failover
Results
Configuring SD-WAN in the CLI
SD-WAN members and zones
Specify an SD-WAN zone in static routes and SD-WAN rules
Performance SLA
Performance SLA overview
Link health monitor
Monitoring performance SLA
Passive WAN health measurement
Passive health-check measurement by internet service and application
SD-WAN rules
SD-WAN rules overview
Fields for identifying traffic
Fields for configuring WANÂ intelligence
Additional fields for configuring WAN intelligence
Implicit rule
Automatic strategy
Manual strategy
Best quality strategy
Lowest cost (SLA) strategy
Maximize bandwidth (SLA) strategy
Manual interface speedtest
Scheduled interface speedtest
SD-WAN traffic shaping and QoS
SDN dynamic connector addresses in SD-WAN rules
Application steering using SD-WAN rules
Static application steering with a manual strategy
Dynamic application steering with lowest cost and best quality strategies
DSCP tag-based traffic steering in SD-WAN
Configuring SD-WAN rules
Results
ECMP support for the longest match in SD-WAN rule matching
Override quality comparisons in SD-WAN longest match rule matching
Advanced routing
Local out traffic
Using BGP tags with SD-WAN rules
BGP multiple path support
Controlling traffic with BGP route mapping and service rules
Applying BGP route-map to multiple BGP neighbors
VPN overlay
ADVPN and shortcut paths
SD-WAN monitor on ADVPN shortcuts
Hold down time to support SD-WAN service strategies
SD-WAN integration with OCVPN
Adaptive Forward Error Correction
Dual VPN tunnel wizard
Duplicate packets on other zone members
Duplicate packets based on SD-WAN rules
Speed tests run from the hub to the spokes in dial-up IPsec tunnels
Interface based QoS on individual child tunnels based on speed test results
Use SSL VPN interfaces in zones
Advanced configuration
SD-WAN with FGCP HA
Configuring SD-WAN in an HA cluster using internal hardware switches
SD-WAN configuration portability
SD-WAN cloud on-ramp
Configuring the VPN overlay between the HQ FortiGate and cloud FortiGate-VM
Configuring the VPN overlay between the HQ FortiGate and AWS native VPN gateway
Configuring the VIP to access the remote servers
Configuring the SD-WAN to steer traffic between the overlays
Verifying the traffic
Hub and spoke SD-WAN deployment example
Datacenter configuration
Configure dial-up (dynamic) VPN
Configure VPN interfaces
Configure loopback interface
Configure BGP
Firewall policies
Configure a blackhole route
Branch configuration
Configure VPN to the hub
Configure VPN interfaces
Configure BGP
Configure SD-WAN
Firewall configuration
Validation
Dynamic definition of SD-WAN routes
