Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    ADOM versions

    ADOM versions

    Each ADOM created on FortiManager has its own version. The version of an ADOM refers to the specific FortiOS version that the ADOM’s central database is aligned with. For example, a version 7.6 ADOM uses FortiOS 7.6 syntax, and its Policy & Objects are based on FortiOS 7.6.

    The ADOM version defines the features, configuration options, and policies that are available within that ADOM:

    Firmware compatibility

    The ADOM version aligns with a specific FortiOS firmware version (for example, 7.2, 7.4, and 7.6), ensuring that devices running a compatible FortiOS version can be managed within that ADOM.

    This is important because different FortiOS versions may have different features, commands, or configurations, so the ADOM version must match to enable proper management.
    FortiOS feature set

    Each FortiOS version may introduce new features, security policies, or configuration settings. By setting the ADOM to a specific version, you define the feature set available to that ADOM, limiting the options to those compatible with the selected FortiOS version.
    Version control

    Using versioned ADOMs allows for consistent policy and configuration management across devices within the same ADOM, ensuring they all operate within the same FortiOS environment.
    FortiOS device allocation

    Only devices running a FortiOS version compatible with the ADOM’s version can be assigned to that ADOM, helping avoid misconfigurations or conflicts. See FortiOS version support by ADOM version.
    ADOM version upgrades

    ADOMs can be upgraded to support newer FortiOS versions, allowing you to adopt the latest features and improvements as devices in that ADOM are upgraded.

    When planning upgrades, it’s essential to ensure that the FortiManager version supports the desired ADOM versions and that those ADOM versions are compatible with the FortiOS versions on your devices. See Upgrading an ADOM and Understanding the relationships between versions.

    Managing devices on different firmware versions

    Some ADOM versions can also manage FortiGate devices that are on earlier or later firmware versions. For example, in 7.6.1, the 7.4 ADOM can manage FortiGate devices on firmware versions 7.4.x and 7.2.x.

    Fig 1: Supported FortiOS versions for each FortiManager 7.6.1 ADOM version

    When the ADOM is managing devices on earlier or later firmware versions, it does not include the exact FortiOS syntax for those versions, and instead uses a “downgrade” and “upgrade” mechanism to adapt to different versions of FortiOS syntax as needed.

    For example:

    Configuration upgrade

     If you install policies to a device with a higher FortiOS version than the ADOM version, FortiManager will leverage its upgrade capability.

    Automatic upgrade of CLI syntax is handled as follows:

    1. New CLI syntax that exists in the higher FortiGate version but not in the ADOM's version is not used.

    2. Modified CLI syntax is upgraded to the higher version's CLI syntax and used.

    3. Deleted CLI syntax is not installed to the higher version FortiGate.
    Configuration downgrade

     If you install policies to a device with a lower FortiOS version, FortiManager will leverage its downgrade capability.

    Automatic downgrade of CLI syntax is handled as follows:

    1. New CLI syntax that does not exist in the previous version is discarded during downgrade and isn't used.

    2. Modified CLI syntax is reverted to the previous version's CLI syntax and used.

    3. Deleted CLI syntax is converted to the previous version's CLI syntax and uses the default values from that version.

    The upgrade and downgrade process is performed on a best-effort basis. If FortiManager supports the necessary downgrade or upgrade capabilities for the target FortiOS versions, then the ADOM can manage devices with those versions. See FortiOS version support by ADOM version.

    Tooltip

    While some ADOM versions can manage multiple FortiOS versions, it’s generally recommended to minimize version discrepancies to avoid potential compatibility issues.

    It is not recommended to permanently leave devices on earlier or later firmware versions within the ADOM due to the restrictions the ADOM may have by not sharing the exact FortiOS syntax. For example, you cannot use features from higher firmware version, such as templates that reference syntax from the higher version.

    FortiOS version support by ADOM version

    The table below outlines the FortiOS versions that can be managed by each ADOM version in FortiManager 7.6.1, including the ability to install and import configurations to and from FortiGate devices on that version.

    ADOM version support can change between each release as additional support is added so it is recommended that you view the table below for your specific FortiManager version to see the firmware versions that are supported by each ADOM version.

    Supported ADOM versions in FortiManager 7.6.1:

    FortiOS Version

    ADOM Versions

    ADOM 7.6

    ADOM 7.4

    ADOM 7.2

    Install

    Import

    Install

    Import

    Install

    Import
    7.6.x ü ü X X X X
    7.4.x X X ü ü ü ü
    7.2.x X X ü ü ü ü
    Tooltip

    The versions that each ADOM is able to support is also based on the FortiManager firmware version's overall compatibility with other products. For example:

    • In FortiManager 7.4.5, the 7.2 ADOM can include devices on FortiOS 7.0.x.

    • In FortiManager 7.6.1, the 7.2 ADOM can not include FortiOS 7.0.x devices because FortiManager 7.6.1 is not compatible with FortiOS 7.0.x.

    For information on devices supported by your FortiManager firmware version, see the FortiManager Release Notes.

    Note

    New ADOM versions introduced to FortiManager will initially only support FortiOS on matching firmware versions. Additional upgrade/downgrade configuration support is typically added within one or two patch versions.

    Understanding the relationships between versions

    When using ADOMs in FortiManager, there are three different versions to be aware of:

    1. FortiManager version: This is the software version of the FortiManager system itself, which determines the overall capabilities and the range of ADOM versions available.

    2. ADOM version: An ADOM in FortiManager is a logical partition that allows for the separate management of devices and policies. Each ADOM is assigned to a specific version, which aligns with a particular FortiOS syntax version. This alignment ensures that the features and configurations within the ADOM are compatible with the devices it manages.

    3. FortiOS version: This is the firmware version running on Fortinet devices, such as FortiGate firewalls. The FortiOS version dictates the features and configurations available on the device.

    By understanding the way these versions interact, you can effectively manage your Fortinet environment, ensuring compatibility and optimal performance across the FortiManager, ADOMs, and FortiOS versions.

    Relationship between FortiManager and ADOM versions:

    • A single FortiManager instance can support multiple ADOMs, each potentially set to different versions.

    • The range of ADOM versions that FortiManager can support depends on its own version. For example, FortiManager 7.6.1 can support ADOM versions 7.6, 7.4 and 7.2.

    Relationship between ADOM and FortiGate versions:

    • An ADOM's version determines which FortiOS versions it can manage. For instance, in FortiManager 7.6.1 an ADOM set to version 7.4 can manage devices running FortiOS 7.4 and 7.2.

    • This compatibility ensures that configurations and policies within the ADOM are appropriate for the device's firmware.

    Previous
    Next

    ADOM versions

    ADOM versions

    Each ADOM created on FortiManager has its own version. The version of an ADOM refers to the specific FortiOS version that the ADOM’s central database is aligned with. For example, a version 7.6 ADOM uses FortiOS 7.6 syntax, and its Policy & Objects are based on FortiOS 7.6.

    The ADOM version defines the features, configuration options, and policies that are available within that ADOM:

    Firmware compatibility

    The ADOM version aligns with a specific FortiOS firmware version (for example, 7.2, 7.4, and 7.6), ensuring that devices running a compatible FortiOS version can be managed within that ADOM.

    This is important because different FortiOS versions may have different features, commands, or configurations, so the ADOM version must match to enable proper management.
    FortiOS feature set

    Each FortiOS version may introduce new features, security policies, or configuration settings. By setting the ADOM to a specific version, you define the feature set available to that ADOM, limiting the options to those compatible with the selected FortiOS version.
    Version control

    Using versioned ADOMs allows for consistent policy and configuration management across devices within the same ADOM, ensuring they all operate within the same FortiOS environment.
    FortiOS device allocation

    Only devices running a FortiOS version compatible with the ADOM’s version can be assigned to that ADOM, helping avoid misconfigurations or conflicts. See FortiOS version support by ADOM version.
    ADOM version upgrades

    ADOMs can be upgraded to support newer FortiOS versions, allowing you to adopt the latest features and improvements as devices in that ADOM are upgraded.

    When planning upgrades, it’s essential to ensure that the FortiManager version supports the desired ADOM versions and that those ADOM versions are compatible with the FortiOS versions on your devices. See Upgrading an ADOM and Understanding the relationships between versions.

    Managing devices on different firmware versions

    Some ADOM versions can also manage FortiGate devices that are on earlier or later firmware versions. For example, in 7.6.1, the 7.4 ADOM can manage FortiGate devices on firmware versions 7.4.x and 7.2.x.

    Fig 1: Supported FortiOS versions for each FortiManager 7.6.1 ADOM version

    When the ADOM is managing devices on earlier or later firmware versions, it does not include the exact FortiOS syntax for those versions, and instead uses a “downgrade” and “upgrade” mechanism to adapt to different versions of FortiOS syntax as needed.

    For example:

    Configuration upgrade

     If you install policies to a device with a higher FortiOS version than the ADOM version, FortiManager will leverage its upgrade capability.

    Automatic upgrade of CLI syntax is handled as follows:

    1. New CLI syntax that exists in the higher FortiGate version but not in the ADOM's version is not used.

    2. Modified CLI syntax is upgraded to the higher version's CLI syntax and used.

    3. Deleted CLI syntax is not installed to the higher version FortiGate.
    Configuration downgrade

     If you install policies to a device with a lower FortiOS version, FortiManager will leverage its downgrade capability.

    Automatic downgrade of CLI syntax is handled as follows:

    1. New CLI syntax that does not exist in the previous version is discarded during downgrade and isn't used.

    2. Modified CLI syntax is reverted to the previous version's CLI syntax and used.

    3. Deleted CLI syntax is converted to the previous version's CLI syntax and uses the default values from that version.

    The upgrade and downgrade process is performed on a best-effort basis. If FortiManager supports the necessary downgrade or upgrade capabilities for the target FortiOS versions, then the ADOM can manage devices with those versions. See FortiOS version support by ADOM version.

    Tooltip

    While some ADOM versions can manage multiple FortiOS versions, it’s generally recommended to minimize version discrepancies to avoid potential compatibility issues.

    It is not recommended to permanently leave devices on earlier or later firmware versions within the ADOM due to the restrictions the ADOM may have by not sharing the exact FortiOS syntax. For example, you cannot use features from higher firmware version, such as templates that reference syntax from the higher version.

    FortiOS version support by ADOM version

    The table below outlines the FortiOS versions that can be managed by each ADOM version in FortiManager 7.6.1, including the ability to install and import configurations to and from FortiGate devices on that version.

    ADOM version support can change between each release as additional support is added so it is recommended that you view the table below for your specific FortiManager version to see the firmware versions that are supported by each ADOM version.

    Supported ADOM versions in FortiManager 7.6.1:

    FortiOS Version

    ADOM Versions

    ADOM 7.6

    ADOM 7.4

    ADOM 7.2

    Install

    Import

    Install

    Import

    Install

    Import
    7.6.x ü ü X X X X
    7.4.x X X ü ü ü ü
    7.2.x X X ü ü ü ü
    Tooltip

    The versions that each ADOM is able to support is also based on the FortiManager firmware version's overall compatibility with other products. For example:

    • In FortiManager 7.4.5, the 7.2 ADOM can include devices on FortiOS 7.0.x.

    • In FortiManager 7.6.1, the 7.2 ADOM can not include FortiOS 7.0.x devices because FortiManager 7.6.1 is not compatible with FortiOS 7.0.x.

    For information on devices supported by your FortiManager firmware version, see the FortiManager Release Notes.

    Note

    New ADOM versions introduced to FortiManager will initially only support FortiOS on matching firmware versions. Additional upgrade/downgrade configuration support is typically added within one or two patch versions.

    Understanding the relationships between versions

    When using ADOMs in FortiManager, there are three different versions to be aware of:

    1. FortiManager version: This is the software version of the FortiManager system itself, which determines the overall capabilities and the range of ADOM versions available.

    2. ADOM version: An ADOM in FortiManager is a logical partition that allows for the separate management of devices and policies. Each ADOM is assigned to a specific version, which aligns with a particular FortiOS syntax version. This alignment ensures that the features and configurations within the ADOM are compatible with the devices it manages.

    3. FortiOS version: This is the firmware version running on Fortinet devices, such as FortiGate firewalls. The FortiOS version dictates the features and configurations available on the device.

    By understanding the way these versions interact, you can effectively manage your Fortinet environment, ensuring compatibility and optimal performance across the FortiManager, ADOMs, and FortiOS versions.

    Relationship between FortiManager and ADOM versions:

    • A single FortiManager instance can support multiple ADOMs, each potentially set to different versions.

    • The range of ADOM versions that FortiManager can support depends on its own version. For example, FortiManager 7.6.1 can support ADOM versions 7.6, 7.4 and 7.2.

    Relationship between ADOM and FortiGate versions:

    • An ADOM's version determines which FortiOS versions it can manage. For instance, in FortiManager 7.6.1 an ADOM set to version 7.4 can manage devices running FortiOS 7.4 and 7.2.

    • This compatibility ensures that configurations and policies within the ADOM are appropriate for the device's firmware.

    Previous
    Next