Fortinet black logo

Administration Guide

Handling connection attempts from unauthorized devices

The built-in FDS replies to FortiGuard update and query connections from devices authorized for central management by FortiManager. If the FortiManager is configured to allow connections from unauthorized devices, unauthorized devices can also connect.

For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its GUI), but use the FortiManager system when the FortiGate unit requests FortiGuard antivirus and IPS updates. In this case, the FortiManager system considers the FortiGate unit to be an unauthorized device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI.

To configure connection attempt handling:
  1. From the toolbar, open the CLI Console, or connect to the FortiManager with terminal emulation software.
  2. To configure the system to add unauthorized devices and allow service requests, enter the following command:

    config system admin setting

    set unreg_dev_opt add_allow_service

    end

  3. To configure the system to add unauthorized devices but deny service requests, enter the following command:

    config system admin setting

    set unreg_dev_opt add_no_service

    end

For more information, see the FortiManager CLI Reference.

The built-in FDS replies to FortiGuard update and query connections from devices authorized for central management by FortiManager. If the FortiManager is configured to allow connections from unauthorized devices, unauthorized devices can also connect.

For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its GUI), but use the FortiManager system when the FortiGate unit requests FortiGuard antivirus and IPS updates. In this case, the FortiManager system considers the FortiGate unit to be an unauthorized device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI.

To configure connection attempt handling:
  1. From the toolbar, open the CLI Console, or connect to the FortiManager with terminal emulation software.
  2. To configure the system to add unauthorized devices and allow service requests, enter the following command:

    config system admin setting

    set unreg_dev_opt add_allow_service

    end

  3. To configure the system to add unauthorized devices but deny service requests, enter the following command:

    config system admin setting

    set unreg_dev_opt add_no_service

    end

For more information, see the FortiManager CLI Reference.