DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Administration Guide
Setting up FortiManager
Connecting to the GUI
FortiManager Setup wizard
Activating VM licenses
Security considerations
Restricting GUI access by trusted host
Trusted platform module support
Other security considerations
GUI overview
Panes
Color themes
Side menu open or closed
Switching between ADOMs
Using the right-click menu
Using the CLI console
Avatars
Using the Process Monitor
Showing and hiding passwords
Google Map integration
FortiAnalyzer Features
Enable or disable FortiAnalyzer features
Initial setup
Restarting and shutting down
FortiManager Key Concepts
Communication through protocols
FortiGuard
Device Manager
FortiAnalyzer features
Configuration through Device Manager
Direct device database editing
Indirect device database editing
Model devices
Zero-touch and low-touch provisioning
ADOMs and devices
Global ADOM layer
ADOM and policy layer
Device Manager layer
Operations
Install device settings only
Quick install (device db)
Install policy package
Re-install policy
Import configuration
Retrieve configuration
Auto-update and auto-retrieve
Auto-backup
Refresh
Revert
Sequence of operations for installation to managed devices
Key features of the FortiManager system
Security Fabric
Configuration revision control and tracking
Centralized management
Administrative domains
Local FortiGuard service provisioning
Firmware management
Scripting
Logging and reporting
Fortinet device life cycle management
Dashboard
Customizing the dashboard
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Migrating the configuration
System Resources widget
License Information widget
Registering with FortiCloud
Activating add-on licenses
Understanding license count rules
Unit Operation widget
Alert Messages Console widget
Log Receive Monitor widget
Insert Rate vs Receive Rate widget
Log Insert Lag Time widget
Receive Rate vs Forwarding Rate widget
Disk I/O widget
Device widgets
Restart, shut down, or reset FortiManager
Device Manager
ADOMs
Device & Groups
Add devices
Adding online devices using Discover mode
Security Fabric authorization
Adding online devices using Discover mode and legacy login
Adding offline model devices
Adding a model FortiGate HA cluster
Import model devices from a CSV file
Adding FortiSOAR devices
Adding a Security Fabric group
Authorizing devices
Hiding unauthorized devices
Setting unauthorized device options
Importing detected devices
Importing and exporting device lists
Configuring the management address
Verifying devices with private data encryption enabled
Using device blueprints for model devices
Example of adding an offline device by pre-shared key
Example of adding an offline device by serial number
Example of adding an offline device by using device template
Adding FortiGate CNF device
Add FortiAnalyzer or FortiAnalyzer BigData
Adding FortiAnalyzer devices using the wizard
Adding FortiAnalyzer devices using a fabric connection
Viewing policy rules
Add VDOM
Adding a split-task VDOM
Adding a multi VDOM
Device groups
Default device groups
Adding custom device groups
Managing device groups
Table view
Using the quick status bar
Viewing managed devices
Viewing configuration status
Viewing policy package status
Editing device information
Setting values for required meta fields
Customizing columns
Displaying Security Fabric topology
Refreshing a device
Using device group tree menus
Installing VM licenses on managed devices
Ring view
Using the monitors dashboard
Customizing the monitors dashboard
Map view
Positioning devices on the map
Viewing device details
Viewing problematic devices
Folder view
Creating folders
Nesting folders
Moving devices between folders
Moving folders
Import Configuration wizard
Importing policies and objects
Importing AP profiles and FortiSwitch templates
Install wizard
Installing policy packages and device settings
Install device settings only
Out-of-Sync device
Viewing a policy package diff
Firewall policy reordering on first installation
Installing the device database
Firmware upgrade
Viewing installed firmware versions
Upgrading firmware
Upgrading multiple firmware images on FortiGate
Upgrading firmware downloaded from FortiGuard
Device database (DB)
Displaying the device database
Choosing feature visibility for devices
Using the CLI console for managed devices
Viewing and managing LTE modems
Device DB - Dashboard
Adding widgets to dashboards
Creating custom system dashboards
Copying custom system dashboards
Summary dashboard
Device DB - configuration management
Checking device configuration status
Viewing configuration revision history
Viewing configuration settings on FortiGate
Adding a tag to configuration versions
Downloading a configuration file
Importing a configuration file
Comparing different configuration files
Reverting to another configuration file
Device DB - Network Interface
Device zones
Interface packet capture
Device DB - System Virtual Domain
Enabling virtual domains
Viewing virtual domains
Creating virtual domains
Configuring inter-VDOM routing
Deleting a virtual domain
Editing resource limits
Device DB - Network SD-WAN
SD-WAN per-device management
SD-WAN zones and interface members
IPsec VPN Wizard
Performance SLA
SD-WAN rules
BGP Neighbors
Duplication
Device DB - Network BGP
Device DB - CLI Configurations
Device maintenance
Deleting a device
Replacing a managed device
Managing FortiGate HA clusters
Configuring model HA cluster members
FortiManager supports FortiGate auto-scale clusters
How FortiGate VDOM exceptions interact with FortiManager
Support for FortiAnalyzer HA
Retrieving account level entitlements for FortiGate
Remotely access a managed FortiGate
Scripts
Enabling scripts
Configuring scripts
Run a script
Add a script
Edit a script
Clone a script
Delete a script
Export a script
Import a script
Schedule a script
CLI script group
Script syntax
Script history
Script samples
CLI scripts
Tcl scripts
Use Tcl script to access FortiManager’s device database or ADOM database
Provisioning Templates
Template groups
Creating template groups
Assigning template groups
Editing template groups
Deleting template groups
Fabric authorization templates
System templates
Assigning system templates to devices and device groups
Previewing interface actions
Using meta field variables
IPsec tunnel templates
Recommended IPsec templates
Creating new IPsec VPN templates
Assigning IPsec VPN templates
Installing IPsec VPN configuration
Verifying IPsec template configuration status
Verifying IPsec VPN tunnel status
Un-assigning IPsec templates
IPsec tunnel template example
Defining the hub template
Defining the branch template
Assigning templates to devices and groups
Creating and installing the policy package and IPsec template
Verifying VPN template and tunnel status
SD-WAN templates
SD-WAN templates
Zones and interface members
Performance SLA
SD-WAN rules
Neighbors
Duplication
Assign SD-WAN templates to devices and device groups
Migrate an SD-WAN Orchestrator configuration into SD-WAN templates
SD-WAN overlay templates
Template prerequisites and network planning
Using the SD-WAN overlay template
Configuring an SD-WAN overlay template
Editing the SD-WAN overlay template
Onboarding new branch devices
Objects and templates created by the SD-WAN overlay template
SD-WAN overlay template IP network design
Static route templates
BGP templates
Recommended BGP templates
Certificate templates
Threat Weight templates
CLI templates
Adding CLI templates
Editing CLI templates
Deleting CLI templates
Assigning CLI templates to managed devices
Importing CLI templates
Cloning CLI templates
Exporting CLI templates
Validate CLI templates
CLI template groups
Default CLI templates
Using FortiManager device database variables in Jinja
NSX-T service templates
Viewing the CLI preview for provisioning templates
Firmware templates
Creating firmware templates
Editing firmware templates
Deleting firmware templates
Assigning firmware templates to devices
Previewing upgrades
Reviewing upgrade history
Upgrading devices now
Viewing the firmware upgrade report
Monitors
SD-WAN Monitor
Map View
Table View
Template View
Enabling SD-WAN monitoring history
SD-WAN cloud assisted monitoring speed test
VPN Monitor
Asset Identity Center
AI Analysis
LTE modem monitors
FortiMeter
FortiOS VMs
FortiWeb VMs
Overview
Points
Authorizing metered VMs
Authorizing FortiOS VMs
Authorizing FortiWeb VMs
Monitoring VMs
FortiGate chassis devices
Viewing chassis dashboard
Policy & Objects
About policies
Policy theory
Global policy packages
Policy workflow
Provisioning new devices
Day-to-day management of devices
Feature visibility
Managing policy packages
Create new policy packages
Create new policy package folders
Edit a policy package or folder
Clone a policy package
Remove a policy package or folder
Assign a global policy package
Install a policy package
Reinstall a policy package
Schedule a policy package install
Export a policy package
Policy package installation targets
Perform a policy consistency check
View logs related to a policy rule
Find and replace objects
Managing policies
Column options
Policy search and filter
Policy hit count
Viewing unused policies
Policy Lookup
Creating policies
Creating policies based on logged traffic
Editing policies
Object selector
Drag and drop objects
Install policies only to specific devices
Configuring policy details
Reverting a Policy to a previous version
Create a new firewall policy
Create a new SSL inspection and authentication policy
Create a new security policy
Create a new firewall virtual wire pair policy
Create a new virtual wire pair SSL inspection and authentication policy
Create a new security virtual wire pair policy
Create a new proxy policy
Create a new central SNAT policy
Create a new central DNAT or IPv6 central DNAT policy
Create a new DoS policy
Create a new interface policy
Create a new multicast policy
Create a new local-in policy
Create a new traffic shaping policy
Create a new authentication rule
Hyperscale policies
Create a new NAC policy
Create a new FortiProxy firewall policy
Create a new FortiProxy proxy auto-configuration (PAC) policy
Using Policy Blocks
Creating Policy Blocks
Editing Policy Blocks
Adding policies to a Policy Block
Appending a Policy Block to a Policy Package
Installing Policy Blocks to target devices
Using Policy Blocks versus Global Policy Packages
Role-based access control for Policy Blocks
Migrating global policies to policy blocks
Managing objects and dynamic objects
Create a new object
Color code an object
Creating an IPv6 Address Template
Promote an Object to Global Database
Normalized interfaces
Viewing normalized interfaces
Viewing normalized interfaces mapped to devices
Viewing where normalized interfaces are used
Editing per-platform mapping rules
Deleting per-platform mapping rules
Deleting default normalized interfaces
Creating normalized interfaces
Creating virtual wire pairs
Map a dynamic ADOM object
Map a dynamic device object
Create a dynamic local certificate
Create a dynamic VPN Tunnel
Map a dynamic device group
Delete an object
Edit an object
Installing objects
Clone an object
Search objects
Find unused objects
Find and merge duplicate objects
Export signatures to CSV file format
CLI Configurations
FortiToken configuration example
FSSO user groups
Interface mapping
VIP mapping
Modify existing interface-zone mapping
Create a new shaping profile
Assigning a shaping profile
Viewing the traffic shaping widget
Intrusion Prevention filtering options
IPS Signatures
ADOM-level metadata variables
Default address space objects
Persistent object search menu
Zero Trust Network Access (ZTNA) objects
Viewing security posture tags
Creating ZTNA geographic IP objects
Creating security posture tag groups
Configuring a ZTNA server
FortiProxy content analysis objects
ICAP profile
ICAP remote server
ICAP load balancing
ADOM revisions
AP Manager
Managed FortiAPs
Quick status bar
Managing APs
Add a FortiAP device
Editing FortiAP devices
Deleting FortiAP devices
Upgrading FortiAP devices
Importing and exporting FortiAP devices
FortiAP groups
Device summary
Authorizing and deauthorizing FortiAP devices
Installing changes to FortiAP devices
Rogue APs
Authorizing unknown APs
Connected clients
Spectrum analysis for managed APs
Clients Monitor
Health Monitor
Replacing APs
WiFi Maps
Google map
Floor map
WiFi profiles and settings for central management
Enabling FortiAP central management
SSIDs
Creating SSIDs
Adding SSID per-device mapping
Adding additional DHCP options
Adding a MAC address reservation
FortiAP profiles
QoS profiles
Bonjour profiles
Bluetooth profiles
WIDS profiles
L3 firewall profiles
ARRP profiles
WiFi settings
Assigning profiles to FortiAP devices
Using Fortinet recommended profiles
WiFi profiles and settings for per-device management
Enabling FortiAP per-device management
Creating profiles
VPN Manager
Overview
Enabling central VPN management
DDNS support
VPN Setup Wizard supports device groups
IPsec VPN
IPsec VPN Communities
Managing IPsec VPN communities
Creating IPsec VPN communities
VPN community settings
View IPsec VPN community details
Editing an IPsec VPN community
Deleting VPN communities
IPsec VPN gateways
Managing VPN gateways
Creating managed gateways
Creating external gateways
Editing an IPsec VPN gateway
Deleting VPN gateways
Using Map View
Monitoring IPsec VPN tunnels
SSL VPN
SSL VPN settings
Creating SSL VPNs
Editing SSL VPNs
Deleting SSL VPNs
SSL VPN portals
Creating SSL VPN portal profiles
Predefined bookmarks
Editing portal profiles
Deleting portal profiles
SSL VPN monitor
VPN security policies
Defining policy addresses
Defining security policies
Fabric View
Security Fabric Topology
Physical Topology
Logical Topology
Filter Topology Views
Search Topology Views
Security Rating
Viewing Security Fabric Ratings
Security Fabric score
Fabric Connectors
Core Network Security
Creating FortiClient EMS connectors
External Connectors
Public and private SDN
Creating ACI fabric connectors
Creating AWS fabric connectors
Using FortiManager as a SDN proxy for AWS connectors
Creating Microsoft Azure fabric connectors
Creating VMware NSX fabric connectors
Creating Nuage fabric connectors
Create Nutanix fabric connectors
Creating OpenStack (Horizon) connector
Creating Oracle Cloud Infrastructure (OCI) connector
Creating VMWare ESXi connector
Creating Kubernetes connector
Creating AliCloud Service connector
Creating Google Cloud Platform connector
Creating IBM Cloud connector
Importing address names to fabric connectors
Configuring dynamic firewall addresses for fabric connectors
Configuring virtual wire pairs
Threat Feeds
Creating threat feed connectors
Endpoint/Identity
Creating Active Directory connectors
Creating FSSO connectors
Creating RADIUS connectors
Creating Cisco pxGrid connectors
Creating ClearPass connectors
Creating VMware NSX-T connectors
Creating VMware vCenter connectors
Creating FortiFlex connectors
Creating JSON API connectors
Cloud Orchestration
Creating cloud connectors
Creating cloud deployment templates
Deploying cloud orchestration
FortiGuard
Device licenses
View licensing status
Package management
Receive status
Service status
IoT packages
Exporting packages example
Importing packages example
Query services
Receive status
Query status
Exporting web filter databases example
Importing web filter databases example
Providing delta updates to downstream FortiManagers in cascade mode
Firmware images
Download prioritization
Product download prioritization
Package download prioritization
External resources
Settings
Connecting the built-in FDS to the FDN
Operating as an FDS in a closed network
Licensing in an air-gap environment
Requesting account entitlement files
Uploading account entitlement files
Enabling FDN third-party SSL validation and Anycast support
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unauthorized devices
Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS
Configuring FortiGuard services
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
Scheduling updates
Accessing public FortiGuard web and email filter servers
Logging events related to FortiGuard services
Logging FortiGuard antivirus and IPS updates
Logging FortiGuard web or email filter events
Restoring the URL or antispam database
FortiSwitch Manager
Managed FortiSwitches
Quick status bar
Managing FortiSwitches
Editing switches
Deleting switches
Replacing switches
Importing and exporting FortiSwitch devices
Configuring FortiSwitch packet captures
Authorizing and deauthorizing FortiSwitch devices
Upgrading firmware for managed switches
Using zero-touch deployment for FortiSwitch
Creating a FortiSwitch group
Installing changes to managed switches
Diagnostics and tools
Run a cable test on FortiSwitch ports from FortiManager
Monitors
FortiSwitch central management
Enabling FortiSwitch central management
FortiSwitch Templates
Accessing FortiSwitch templates
Creating FortiSwitch templates
Importing FortiSwitch templates
FortiSwitch VLANs
FortiSwitch dynamic port policies
FortiSwitch security policies
Viewing FortiSwitch security policies
Custom commands
FortiLink settings
Assigning templates to FortiSwitch devices
FortiSwitch per-device management
Enabling per-device management
Creating VLANs
Creating NAC policies
Creating security policies
Creating LLDP profiles
Creating QoS policies
Creating custom commands
CLI Configurations
Configuring a port on a single FortiSwitch
Exporting FortiSwitch ports to another VDOM
Extender Manager
Managed extenders
Managing FortiExtender devices
Extender profiles
FortiExtender profiles
Data plans
Using Fortinet recommended extender profiles
System Settings
Logging Topology
Network
Configuring network interfaces
Disabling ports
Changing administrative access
Static routes
Packet capture
Aggregate links
VLAN interfaces
SNMP
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
SNMP MIBs
SNMP traps
Fortinet & FortiManager MIB fields
RAID Management
Supported RAID levels
Configuring the RAID level
Monitoring RAID status
Checking RAID from command line
Swapping hard disks
Adding hard disks
Administrative Domains (ADOMs)
Root ADOM
Default device type ADOMs
ADOM types
FortiProxy ADOMs
Organizing devices into ADOMs
Enabling and disabling the ADOM feature
ADOM device modes
ADOM modes
Creating backup ADOMs
Importing objects to backup ADOMs
Viewing read-only polices in backup ADOMs
Managing ADOMs
Creating ADOMs
Assigning devices to an ADOM
Assigning VDOMs to an ADOM
Assigning administrators to an ADOM
Editing an ADOM
Deleting ADOMs
Checking ADOM health
ADOM versions
Global database version
Concurrent ADOM access
Locking an ADOM
Upgrading an ADOM
Using mixed versions in ADOMs
Global Database
Creating object configurations
Header/Footer IPS
Creating policy packages
Assigning a global policy package to an ADOM
Installing policy packages on devices
Certificates
Local certificates
CA certificates
Certificate revocation lists
Event Log
Event log filtering
Task Monitor
Mail Server
Syslog Server
Send local logs to syslog server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
File Management
Miscellaneous Settings
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Override administrator attributes from profiles
Restricted administrators
Web Filter restricted administrator
Intrusion prevention restricted administrator
Intrusion prevention profiles
Intrusion prevention signatures
Intrusion prevention diagnostics
Intrusion prevention hold-time and CVE filtering
Intrusion prevention FortiGuard packages
Intrusion prevention licenses and services
Intrusion prevention templates
Intrusion prevention global headers and footers
IPS administration permissions
Application control restricted administrator
Installing profiles as a restricted administrator
Workspace mode for restricted administrators
Administrator profiles
Permissions
Creating administrator profiles
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Workspace
Workspace mode
Enable workspace mode
Locking an ADOM
Locking a device
Locking a policy package
Lock an individual policy
Workflow mode
Enable workflow mode
Workflow approval
Workflow sessions
Starting a workflow session
Saved sessions
View session diff
Discarding a session
Submitting a session
Approving or rejecting a session
Repairing a rejected session
Reverting a session
The session list
Install and unlock setting for Workspace mode
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
SAML admin authentication
FortiCloud SSO admin authentication
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Security Fabric authorization information for FortiOS
Control administrative access with a local-in policy
Two-factor authentication
Two-factor authentication with FortiAuthenticator
Configuring FortiAuthenticator
Configuring FortiManager
Two-factor authentication with FortiToken Cloud
High Availability
Synchronizing the FortiManager configuration and HA heartbeat
If the primary or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
GUI configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
Management Extensions
FortiAIOps MEA
FortiSigConverter MEA
FortiSOAR MEA
FortiWLM MEA
Policy Analyzer MEA
Universal Connector MEA
Enabling management extension applications
CLI for management extensions
Accessing management extension logs
Checking for new versions and upgrading
Appendix A - Supported RFC Notes
Appendix B - Policy ID support
Appendix C - Re-establishing the FGFM tunnel after VM license migration
Appendix D - FortiManager Ansible Collection documentation
Change Log
Home
FortiManager 7.4.2
Administration Guide
7.4.2
7.6.1
7.6.0
7.4.5
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
Device maintenance
Device maintenance
This section includes the following procedures:
Deleting a device
Replacing a managed device
Previous
Next
Device maintenance
Device maintenance
This section includes the following procedures:
Deleting a device
Replacing a managed device
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Setting up FortiManager
Connecting to the GUI
FortiManager Setup wizard
Activating VM licenses
Security considerations
Restricting GUI access by trusted host
Trusted platform module support
Other security considerations
GUI overview
Panes
Color themes
Side menu open or closed
Switching between ADOMs
Using the right-click menu
Using the CLI console
Avatars
Using the Process Monitor
Showing and hiding passwords
Google Map integration
FortiAnalyzer Features
Enable or disable FortiAnalyzer features
Initial setup
Restarting and shutting down
FortiManager Key Concepts
Communication through protocols
FortiGuard
Device Manager
FortiAnalyzer features
Configuration through Device Manager
Direct device database editing
Indirect device database editing
Model devices
Zero-touch and low-touch provisioning
ADOMs and devices
Global ADOM layer
ADOM and policy layer
Device Manager layer
Operations
Install device settings only
Quick install (device db)
Install policy package
Re-install policy
Import configuration
Retrieve configuration
Auto-update and auto-retrieve
Auto-backup
Refresh
Revert
Sequence of operations for installation to managed devices
Key features of the FortiManager system
Security Fabric
Configuration revision control and tracking
Centralized management
Administrative domains
Local FortiGuard service provisioning
Firmware management
Scripting
Logging and reporting
Fortinet device life cycle management
Dashboard
Customizing the dashboard
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Migrating the configuration
System Resources widget
License Information widget
Registering with FortiCloud
Activating add-on licenses
Understanding license count rules
Unit Operation widget
Alert Messages Console widget
Log Receive Monitor widget
Insert Rate vs Receive Rate widget
Log Insert Lag Time widget
Receive Rate vs Forwarding Rate widget
Disk I/O widget
Device widgets
Restart, shut down, or reset FortiManager
Device Manager
ADOMs
Device & Groups
Add devices
Adding online devices using Discover mode
Security Fabric authorization
Adding online devices using Discover mode and legacy login
Adding offline model devices
Adding a model FortiGate HA cluster
Import model devices from a CSV file
Adding FortiSOAR devices
Adding a Security Fabric group
Authorizing devices
Hiding unauthorized devices
Setting unauthorized device options
Importing detected devices
Importing and exporting device lists
Configuring the management address
Verifying devices with private data encryption enabled
Using device blueprints for model devices
Example of adding an offline device by pre-shared key
Example of adding an offline device by serial number
Example of adding an offline device by using device template
Adding FortiGate CNF device
Add FortiAnalyzer or FortiAnalyzer BigData
Adding FortiAnalyzer devices using the wizard
Adding FortiAnalyzer devices using a fabric connection
Viewing policy rules
Add VDOM
Adding a split-task VDOM
Adding a multi VDOM
Device groups
Default device groups
Adding custom device groups
Managing device groups
Table view
Using the quick status bar
Viewing managed devices
Viewing configuration status
Viewing policy package status
Editing device information
Setting values for required meta fields
Customizing columns
Displaying Security Fabric topology
Refreshing a device
Using device group tree menus
Installing VM licenses on managed devices
Ring view
Using the monitors dashboard
Customizing the monitors dashboard
Map view
Positioning devices on the map
Viewing device details
Viewing problematic devices
Folder view
Creating folders
Nesting folders
Moving devices between folders
Moving folders
Import Configuration wizard
Importing policies and objects
Importing AP profiles and FortiSwitch templates
Install wizard
Installing policy packages and device settings
Install device settings only
Out-of-Sync device
Viewing a policy package diff
Firewall policy reordering on first installation
Installing the device database
Firmware upgrade
Viewing installed firmware versions
Upgrading firmware
Upgrading multiple firmware images on FortiGate
Upgrading firmware downloaded from FortiGuard
Device database (DB)
Displaying the device database
Choosing feature visibility for devices
Using the CLI console for managed devices
Viewing and managing LTE modems
Device DB - Dashboard
Adding widgets to dashboards
Creating custom system dashboards
Copying custom system dashboards
Summary dashboard
Device DB - configuration management
Checking device configuration status
Viewing configuration revision history
Viewing configuration settings on FortiGate
Adding a tag to configuration versions
Downloading a configuration file
Importing a configuration file
Comparing different configuration files
Reverting to another configuration file
Device DB - Network Interface
Device zones
Interface packet capture
Device DB - System Virtual Domain
Enabling virtual domains
Viewing virtual domains
Creating virtual domains
Configuring inter-VDOM routing
Deleting a virtual domain
Editing resource limits
Device DB - Network SD-WAN
SD-WAN per-device management
SD-WAN zones and interface members
IPsec VPN Wizard
Performance SLA
SD-WAN rules
BGP Neighbors
Duplication
Device DB - Network BGP
Device DB - CLI Configurations
Device maintenance
Deleting a device
Replacing a managed device
Managing FortiGate HA clusters
Configuring model HA cluster members
FortiManager supports FortiGate auto-scale clusters
How FortiGate VDOM exceptions interact with FortiManager
Support for FortiAnalyzer HA
Retrieving account level entitlements for FortiGate
Remotely access a managed FortiGate
Scripts
Enabling scripts
Configuring scripts
Run a script
Add a script
Edit a script
Clone a script
Delete a script
Export a script
Import a script
Schedule a script
CLI script group
Script syntax
Script history
Script samples
CLI scripts
Tcl scripts
Use Tcl script to access FortiManager’s device database or ADOM database
Provisioning Templates
Template groups
Creating template groups
Assigning template groups
Editing template groups
Deleting template groups
Fabric authorization templates
System templates
Assigning system templates to devices and device groups
Previewing interface actions
Using meta field variables
IPsec tunnel templates
Recommended IPsec templates
Creating new IPsec VPN templates
Assigning IPsec VPN templates
Installing IPsec VPN configuration
Verifying IPsec template configuration status
Verifying IPsec VPN tunnel status
Un-assigning IPsec templates
IPsec tunnel template example
Defining the hub template
Defining the branch template
Assigning templates to devices and groups
Creating and installing the policy package and IPsec template
Verifying VPN template and tunnel status
SD-WAN templates
SD-WAN templates
Zones and interface members
Performance SLA
SD-WAN rules
Neighbors
Duplication
Assign SD-WAN templates to devices and device groups
Migrate an SD-WAN Orchestrator configuration into SD-WAN templates
SD-WAN overlay templates
Template prerequisites and network planning
Using the SD-WAN overlay template
Configuring an SD-WAN overlay template
Editing the SD-WAN overlay template
Onboarding new branch devices
Objects and templates created by the SD-WAN overlay template
SD-WAN overlay template IP network design
Static route templates
BGP templates
Recommended BGP templates
Certificate templates
Threat Weight templates
CLI templates
Adding CLI templates
Editing CLI templates
Deleting CLI templates
Assigning CLI templates to managed devices
Importing CLI templates
Cloning CLI templates
Exporting CLI templates
Validate CLI templates
CLI template groups
Default CLI templates
Using FortiManager device database variables in Jinja
NSX-T service templates
Viewing the CLI preview for provisioning templates
Firmware templates
Creating firmware templates
Editing firmware templates
Deleting firmware templates
Assigning firmware templates to devices
Previewing upgrades
Reviewing upgrade history
Upgrading devices now
Viewing the firmware upgrade report
Monitors
SD-WAN Monitor
Map View
Table View
Template View
Enabling SD-WAN monitoring history
SD-WAN cloud assisted monitoring speed test
VPN Monitor
Asset Identity Center
AI Analysis
LTE modem monitors
FortiMeter
FortiOS VMs
FortiWeb VMs
Overview
Points
Authorizing metered VMs
Authorizing FortiOS VMs
Authorizing FortiWeb VMs
Monitoring VMs
FortiGate chassis devices
Viewing chassis dashboard
Policy & Objects
About policies
Policy theory
Global policy packages
Policy workflow
Provisioning new devices
Day-to-day management of devices
Feature visibility
Managing policy packages
Create new policy packages
Create new policy package folders
Edit a policy package or folder
Clone a policy package
Remove a policy package or folder
Assign a global policy package
Install a policy package
Reinstall a policy package
Schedule a policy package install
Export a policy package
Policy package installation targets
Perform a policy consistency check
View logs related to a policy rule
Find and replace objects
Managing policies
Column options
Policy search and filter
Policy hit count
Viewing unused policies
Policy Lookup
Creating policies
Creating policies based on logged traffic
Editing policies
Object selector
Drag and drop objects
Install policies only to specific devices
Configuring policy details
Reverting a Policy to a previous version
Create a new firewall policy
Create a new SSL inspection and authentication policy
Create a new security policy
Create a new firewall virtual wire pair policy
Create a new virtual wire pair SSL inspection and authentication policy
Create a new security virtual wire pair policy
Create a new proxy policy
Create a new central SNAT policy
Create a new central DNAT or IPv6 central DNAT policy
Create a new DoS policy
Create a new interface policy
Create a new multicast policy
Create a new local-in policy
Create a new traffic shaping policy
Create a new authentication rule
Hyperscale policies
Create a new NAC policy
Create a new FortiProxy firewall policy
Create a new FortiProxy proxy auto-configuration (PAC) policy
Using Policy Blocks
Creating Policy Blocks
Editing Policy Blocks
Adding policies to a Policy Block
Appending a Policy Block to a Policy Package
Installing Policy Blocks to target devices
Using Policy Blocks versus Global Policy Packages
Role-based access control for Policy Blocks
Migrating global policies to policy blocks
Managing objects and dynamic objects
Create a new object
Color code an object
Creating an IPv6 Address Template
Promote an Object to Global Database
Normalized interfaces
Viewing normalized interfaces
Viewing normalized interfaces mapped to devices
Viewing where normalized interfaces are used
Editing per-platform mapping rules
Deleting per-platform mapping rules
Deleting default normalized interfaces
Creating normalized interfaces
Creating virtual wire pairs
Map a dynamic ADOM object
Map a dynamic device object
Create a dynamic local certificate
Create a dynamic VPN Tunnel
Map a dynamic device group
Delete an object
Edit an object
Installing objects
Clone an object
Search objects
Find unused objects
Find and merge duplicate objects
Export signatures to CSV file format
CLI Configurations
FortiToken configuration example
FSSO user groups
Interface mapping
VIP mapping
Modify existing interface-zone mapping
Create a new shaping profile
Assigning a shaping profile
Viewing the traffic shaping widget
Intrusion Prevention filtering options
IPS Signatures
ADOM-level metadata variables
Default address space objects
Persistent object search menu
Zero Trust Network Access (ZTNA) objects
Viewing security posture tags
Creating ZTNA geographic IP objects
Creating security posture tag groups
Configuring a ZTNA server
FortiProxy content analysis objects
ICAP profile
ICAP remote server
ICAP load balancing
ADOM revisions
AP Manager
Managed FortiAPs
Quick status bar
Managing APs
Add a FortiAP device
Editing FortiAP devices
Deleting FortiAP devices
Upgrading FortiAP devices
Importing and exporting FortiAP devices
FortiAP groups
Device summary
Authorizing and deauthorizing FortiAP devices
Installing changes to FortiAP devices
Rogue APs
Authorizing unknown APs
Connected clients
Spectrum analysis for managed APs
Clients Monitor
Health Monitor
Replacing APs
WiFi Maps
Google map
Floor map
WiFi profiles and settings for central management
Enabling FortiAP central management
SSIDs
Creating SSIDs
Adding SSID per-device mapping
Adding additional DHCP options
Adding a MAC address reservation
FortiAP profiles
QoS profiles
Bonjour profiles
Bluetooth profiles
WIDS profiles
L3 firewall profiles
ARRP profiles
WiFi settings
Assigning profiles to FortiAP devices
Using Fortinet recommended profiles
WiFi profiles and settings for per-device management
Enabling FortiAP per-device management
Creating profiles
VPN Manager
Overview
Enabling central VPN management
DDNS support
VPN Setup Wizard supports device groups
IPsec VPN
IPsec VPN Communities
Managing IPsec VPN communities
Creating IPsec VPN communities
VPN community settings
View IPsec VPN community details
Editing an IPsec VPN community
Deleting VPN communities
IPsec VPN gateways
Managing VPN gateways
Creating managed gateways
Creating external gateways
Editing an IPsec VPN gateway
Deleting VPN gateways
Using Map View
Monitoring IPsec VPN tunnels
SSL VPN
SSL VPN settings
Creating SSL VPNs
Editing SSL VPNs
Deleting SSL VPNs
SSL VPN portals
Creating SSL VPN portal profiles
Predefined bookmarks
Editing portal profiles
Deleting portal profiles
SSL VPN monitor
VPN security policies
Defining policy addresses
Defining security policies
Fabric View
Security Fabric Topology
Physical Topology
Logical Topology
Filter Topology Views
Search Topology Views
Security Rating
Viewing Security Fabric Ratings
Security Fabric score
Fabric Connectors
Core Network Security
Creating FortiClient EMS connectors
External Connectors
Public and private SDN
Creating ACI fabric connectors
Creating AWS fabric connectors
Using FortiManager as a SDN proxy for AWS connectors
Creating Microsoft Azure fabric connectors
Creating VMware NSX fabric connectors
Creating Nuage fabric connectors
Create Nutanix fabric connectors
Creating OpenStack (Horizon) connector
Creating Oracle Cloud Infrastructure (OCI) connector
Creating VMWare ESXi connector
Creating Kubernetes connector
Creating AliCloud Service connector
Creating Google Cloud Platform connector
Creating IBM Cloud connector
Importing address names to fabric connectors
Configuring dynamic firewall addresses for fabric connectors
Configuring virtual wire pairs
Threat Feeds
Creating threat feed connectors
Endpoint/Identity
Creating Active Directory connectors
Creating FSSO connectors
Creating RADIUS connectors
Creating Cisco pxGrid connectors
Creating ClearPass connectors
Creating VMware NSX-T connectors
Creating VMware vCenter connectors
Creating FortiFlex connectors
Creating JSON API connectors
Cloud Orchestration
Creating cloud connectors
Creating cloud deployment templates
Deploying cloud orchestration
FortiGuard
Device licenses
View licensing status
Package management
Receive status
Service status
IoT packages
Exporting packages example
Importing packages example
Query services
Receive status
Query status
Exporting web filter databases example
Importing web filter databases example
Providing delta updates to downstream FortiManagers in cascade mode
Firmware images
Download prioritization
Product download prioritization
Package download prioritization
External resources
Settings
Connecting the built-in FDS to the FDN
Operating as an FDS in a closed network
Licensing in an air-gap environment
Requesting account entitlement files
Uploading account entitlement files
Enabling FDN third-party SSL validation and Anycast support
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unauthorized devices
Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS
Configuring FortiGuard services
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
Scheduling updates
Accessing public FortiGuard web and email filter servers
Logging events related to FortiGuard services
Logging FortiGuard antivirus and IPS updates
Logging FortiGuard web or email filter events
Restoring the URL or antispam database
FortiSwitch Manager
Managed FortiSwitches
Quick status bar
Managing FortiSwitches
Editing switches
Deleting switches
Replacing switches
Importing and exporting FortiSwitch devices
Configuring FortiSwitch packet captures
Authorizing and deauthorizing FortiSwitch devices
Upgrading firmware for managed switches
Using zero-touch deployment for FortiSwitch
Creating a FortiSwitch group
Installing changes to managed switches
Diagnostics and tools
Run a cable test on FortiSwitch ports from FortiManager
Monitors
FortiSwitch central management
Enabling FortiSwitch central management
FortiSwitch Templates
Accessing FortiSwitch templates
Creating FortiSwitch templates
Importing FortiSwitch templates
FortiSwitch VLANs
FortiSwitch dynamic port policies
FortiSwitch security policies
Viewing FortiSwitch security policies
Custom commands
FortiLink settings
Assigning templates to FortiSwitch devices
FortiSwitch per-device management
Enabling per-device management
Creating VLANs
Creating NAC policies
Creating security policies
Creating LLDP profiles
Creating QoS policies
Creating custom commands
CLI Configurations
Configuring a port on a single FortiSwitch
Exporting FortiSwitch ports to another VDOM
Extender Manager
Managed extenders
Managing FortiExtender devices
Extender profiles
FortiExtender profiles
Data plans
Using Fortinet recommended extender profiles
System Settings
Logging Topology
Network
Configuring network interfaces
Disabling ports
Changing administrative access
Static routes
Packet capture
Aggregate links
VLAN interfaces
SNMP
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
SNMP MIBs
SNMP traps
Fortinet & FortiManager MIB fields
RAID Management
Supported RAID levels
Configuring the RAID level
Monitoring RAID status
Checking RAID from command line
Swapping hard disks
Adding hard disks
Administrative Domains (ADOMs)
Root ADOM
Default device type ADOMs
ADOM types
FortiProxy ADOMs
Organizing devices into ADOMs
Enabling and disabling the ADOM feature
ADOM device modes
ADOM modes
Creating backup ADOMs
Importing objects to backup ADOMs
Viewing read-only polices in backup ADOMs
Managing ADOMs
Creating ADOMs
Assigning devices to an ADOM
Assigning VDOMs to an ADOM
Assigning administrators to an ADOM
Editing an ADOM
Deleting ADOMs
Checking ADOM health
ADOM versions
Global database version
Concurrent ADOM access
Locking an ADOM
Upgrading an ADOM
Using mixed versions in ADOMs
Global Database
Creating object configurations
Header/Footer IPS
Creating policy packages
Assigning a global policy package to an ADOM
Installing policy packages on devices
Certificates
Local certificates
CA certificates
Certificate revocation lists
Event Log
Event log filtering
Task Monitor
Mail Server
Syslog Server
Send local logs to syslog server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
File Management
Miscellaneous Settings
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Override administrator attributes from profiles
Restricted administrators
Web Filter restricted administrator
Intrusion prevention restricted administrator
Intrusion prevention profiles
Intrusion prevention signatures
Intrusion prevention diagnostics
Intrusion prevention hold-time and CVE filtering
Intrusion prevention FortiGuard packages
Intrusion prevention licenses and services
Intrusion prevention templates
Intrusion prevention global headers and footers
IPS administration permissions
Application control restricted administrator
Installing profiles as a restricted administrator
Workspace mode for restricted administrators
Administrator profiles
Permissions
Creating administrator profiles
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Workspace
Workspace mode
Enable workspace mode
Locking an ADOM
Locking a device
Locking a policy package
Lock an individual policy
Workflow mode
Enable workflow mode
Workflow approval
Workflow sessions
Starting a workflow session
Saved sessions
View session diff
Discarding a session
Submitting a session
Approving or rejecting a session
Repairing a rejected session
Reverting a session
The session list
Install and unlock setting for Workspace mode
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
SAML admin authentication
FortiCloud SSO admin authentication
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Security Fabric authorization information for FortiOS
Control administrative access with a local-in policy
Two-factor authentication
Two-factor authentication with FortiAuthenticator
Configuring FortiAuthenticator
Configuring FortiManager
Two-factor authentication with FortiToken Cloud
High Availability
Synchronizing the FortiManager configuration and HA heartbeat
If the primary or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
GUI configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
Management Extensions
FortiAIOps MEA
FortiSigConverter MEA
FortiSOAR MEA
FortiWLM MEA
Policy Analyzer MEA
Universal Connector MEA
Enabling management extension applications
CLI for management extensions
Accessing management extension logs
Checking for new versions and upgrading
Appendix A - Supported RFC Notes
Appendix B - Policy ID support
Appendix C - Re-establishing the FGFM tunnel after VM license migration
Appendix D - FortiManager Ansible Collection documentation
Change Log