Fortinet black logo

Administration Guide

Handling connection attempts from unauthorized devices

Handling connection attempts from unauthorized devices

The built-in FDS replies to FortiGuard update and query connections from devices authorized for central management by FortiManager. If the FortiManager is configured to allow connections from unauthorized devices, unauthorized devices can also connect.

For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its GUI), but use the FortiManager system when the FortiGate unit requests FortiGuard antivirus and IPS updates. In this case, the FortiManager system considers the FortiGate unit to be an unauthorized device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI.

To configure connection attempt handling:
  1. Go to the CLI Console widget in the System Settings > Dashboard pane. For information on widget settings, see Customizing the dashboard.
  2. Click inside the console to connect.
  3. To configure the system to add unauthorized devices and allow service requests, type the following CLI command lines:

    config system admin setting

    set unreg_dev_opt add_allow_service

    end

  4. To configure the system to add unauthorized devices but deny service requests, type the following CLI command lines:

    config system admin setting

    set unreg_dev_opt add_no_service

    end

For more information, see the FortiManager CLI Reference.

Handling connection attempts from unauthorized devices

The built-in FDS replies to FortiGuard update and query connections from devices authorized for central management by FortiManager. If the FortiManager is configured to allow connections from unauthorized devices, unauthorized devices can also connect.

For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its GUI), but use the FortiManager system when the FortiGate unit requests FortiGuard antivirus and IPS updates. In this case, the FortiManager system considers the FortiGate unit to be an unauthorized device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI.

To configure connection attempt handling:
  1. Go to the CLI Console widget in the System Settings > Dashboard pane. For information on widget settings, see Customizing the dashboard.
  2. Click inside the console to connect.
  3. To configure the system to add unauthorized devices and allow service requests, type the following CLI command lines:

    config system admin setting

    set unreg_dev_opt add_allow_service

    end

  4. To configure the system to add unauthorized devices but deny service requests, type the following CLI command lines:

    config system admin setting

    set unreg_dev_opt add_no_service

    end

For more information, see the FortiManager CLI Reference.