Administration Guide

Setting up FortiManager
- Connecting to the GUI
  - FortiManager Setup wizard
  - Activating VM licenses
- Security considerations
- GUI overview
- FortiAnalyzer Features
  - Enable or disable FortiAnalyzer features
- Initial setup
- Restarting and shutting down
FortiManager Key Concepts
- Communication through protocols
- Configuration through Device Manager
- ADOMs and devices
- Operations
- Key features of the FortiManager system
Dashboard
- Customizing the dashboard
- System Information widget
- System Resources widget
- License Information widget
- Unit Operation widget
- Alert Messages Console widget
- Log Receive Monitor widget
- Insert Rate vs Receive Rate widget
- Log Insert Lag Time widget
- Receive Rate vs Forwarding Rate widget
- Disk I/O widget
- Device widgets
- Restart, shut down, or reset FortiManager
Device Manager
- ADOMs
- Device & Groups
- Scripts
- Provisioning Templates
- Firmware templates
- Monitors
- FortiMeter
- FortiGate chassis devices
  - Viewing chassis dashboard
Policy & Objects
- About policies
  - Policy theory
  - Global policy packages
- Policy workflow
  - Provisioning new devices
  - Day-to-day management of devices
- Feature visibility
- Managing policy packages
- Managing policies
- Using Policy Blocks
- Managing objects and dynamic objects
- ADOM revisions
SD-WAN Manager
- SD-WAN Network
  - SD-WAN Devices
  - SD-WAN Monitor
- SD-WAN Templates
- SD-WAN overlay orchestration
- SD-WAN rules
AP Manager
- Managed FortiAPs
- WiFi Maps
  - Google map
  - Floor map
- WiFi profiles and settings for central management
- WiFi profiles and settings for per-device management
  - Enabling FortiAP per-device management
  - Creating profiles
VPN Manager
- Overview
- Enabling central VPN management
- DDNS support
- VPN Setup Wizard supports device groups
- IPsec VPN
- SSL VPN
- VPN security policies
  - Defining policy addresses
  - Defining security policies
Fabric View
- Security Fabric Topology
- Security Rating
  - Viewing Security Fabric Ratings
  - Security Fabric score
- Fabric Connectors
  - Core Network Security
    - Creating FortiClient EMS connectors
- External Connectors
- Cloud Orchestration
FortiAI
- Enabling administrator access to FortiAI
- Using FortiAI
- FortiAI data privacy
- FortiAI tokens
- FortiAI example tasks
FortiGuard
- Device licenses
  - View licensing status
- Package management
- Query services
- Firmware images
- External resources
- Settings
- Enabling FDN third-party SSL validation and Anycast support
- Configuring devices to use the built-in FDS
  - Handling connection attempts from unauthorized devices
  - Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS
- Configuring FortiGuard services
- Logging events related to FortiGuard services
  - Logging FortiGuard antivirus and IPS updates
  - Logging FortiGuard web or email filter events
- Restoring the URL or antispam database
FortiSwitch Manager
- Managed FortiSwitches
- FortiSwitch central management
  - Enabling FortiSwitch central management
  - FortiSwitch Templates
- FortiSwitch per-device management
Extender Manager
- Managed extenders
  - Managing FortiExtender devices
- Extender profiles
System Settings
- Logging Topology
- Network
- RAID Management
- Administrative Domains (ADOMs)
- Fabric Management
- Certificates
- Event Log
  - Event log filtering
- Task Monitor
- Mail Server
- Syslog Server
  - Send local logs to syslog server
- Meta Fields
- Device logs
  - Configuring rolling and uploading of logs using the GUI
  - Configuring rolling and uploading of logs using the CLI
- File Management
- Miscellaneous Settings
Administrators
- Trusted hosts
- Monitoring administrators
- Disconnecting administrators
- Managing administrator accounts
- Restricted administrators
- Administrator profiles
- Workspace
- Authentication
- Global administration settings
- Multi-factor authentication
  - Multi-factor authentication with FortiAuthenticator
    - Configuring FortiAuthenticator
    - Configuring FortiManager
  - Multi-factor authentication with FortiToken Cloud
High Availability
- Synchronizing the FortiManager configuration and HA heartbeat
- If the primary or a backup unit fails
- FortiManager HA cluster startup steps
- Configuring HA options
- Monitoring HA status
- Upgrading the FortiManager firmware for an operating cluster
Management Extensions
- FortiAIOps MEA
- FortiSigConverter MEA
- FortiSOAR MEA
- FortiWLM MEA
- Policy Analyzer MEA
- Universal Connector MEA
- Enabling management extension applications
  - CLI for management extensions
- Accessing management extension logs
- Checking for new versions and upgrading
Appendix A - Supported RFC Notes
Appendix B - Policy ID support
Appendix C - Re-establishing the FGFM tunnel after VM license migration
Appendix D - FortiManager Ansible Collection documentation
Appendix E - FortiAI token entitlements for FortiManager
Change Log

Home FortiManager 7.6.1 Administration Guide

7.6.1

External resources

FortiManager allows external resources to be uploaded in order to support FortiManager hosted resources for threat feeds.

After external resources are uploaded to FortiManager, they can be used in threat feeds using the following format as the URI of the resource: fmg://<filename>.

For example, if you have uploaded a resource called exresource1.txt to FortiManager, the URI would be fmg://exresource1.txt.

For more information on threat feeds, see Threat Feeds.

To upload an external resource to FortiManager:

Go to FortiGuard > External Resource.
Click Import in the toolbar.
Drag and drop a file into the selection window or browse to your file location.
Click OK. Uploaded files are displayed in the External Resources table and can be edited directly in the FortiManager GUI.

To edit external resource file content:

In the external resource file list, select a file and do one of the following:
1. Click Edit in the toolbar.
2. Right-click and select Edit from the context menu.
The content of the file is displayed and can be edited directly in the Content pane.
Click OK to save changes to the external resource.

To create a threat feed using a FortiManager hosted resource:

Go to Policy & Objects > Security Fabric > Threat Feeds.

If the Threat Feeds tab is not visible, it must first be enabled in Tools > Feature Visibility. You can also create Threat Feeds in Fabric View > External Connectors.

Create a new threat feed.
Select the threat feed type. For example, if the uploaded file is a list of IP addresses, you must select Type > IP Address.
In the URI of External Resource field, define the file using the following format: fmg://filename.
Once the threat feed is created, you can use it in a policy and install it to a device. In the example below, the threat feed is used in a DNS Filter in Policy & Objects > Security Profiles > DNS Filter. The DNS Filter is applied to a policy and installed to the managed FortiGate.
Details about the threat feed can be viewed on FortiGate.
1. On FortiGate, go to Security Fabric > External Connectors. The content can be refreshed automatically or manually on this page.
2. Click View Entries to see the content from the external resource.