config system central-management
Configure central management.
config system central-management
Description: Configure central management.
set mode [normal|backup]
set type [fortimanager|fortiguard|...]
set schedule-config-restore [enable|disable]
set schedule-script-restore [enable|disable]
set allow-push-configuration [enable|disable]
set allow-push-firmware [enable|disable]
set allow-remote-firmware-upgrade [enable|disable]
set allow-monitor [enable|disable]
set serial-number {user}
set fmg {user}
set fmg-source-ip {ipv4-address}
set fmg-source-ip6 {ipv6-address}
set local-cert {string}
set ca-cert {user}
set vdom {string}
config server-list
Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
edit <id>
set server-type {option1}, {option2}, ...
set addr-type [ipv4|ipv6|...]
set server-address {ipv4-address}
set server-address6 {ipv6-address}
set fqdn {string}
next
end
set fmg-update-port [8890|443]
set include-default-servers [enable|disable]
set enc-algorithm [default|high|...]
set interface-select-method [auto|sdwan|...]
set interface {string}
end
config system central-management
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
mode |
Central management mode. |
option |
- |
normal |
||||||||
|
|
|||||||||||
type |
Central management type. |
option |
- |
none |
||||||||
|
|
|||||||||||
schedule-config-restore |
Enable/disable allowing the central management server to restore the configuration of this FortiGate. |
option |
- |
enable |
||||||||
|
|
|||||||||||
schedule-script-restore |
Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. |
option |
- |
enable |
||||||||
|
|
|||||||||||
allow-push-configuration |
Enable/disable allowing the central management server to push configuration changes to this FortiGate. |
option |
- |
enable |
||||||||
|
|
|||||||||||
allow-push-firmware |
Enable/disable allowing the central management server to push firmware updates to this FortiGate. |
option |
- |
enable |
||||||||
|
|
|||||||||||
allow-remote-firmware-upgrade |
Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. |
option |
- |
enable |
||||||||
|
|
|||||||||||
allow-monitor |
Enable/disable allowing the central management server to remotely monitor this FortiGate unit. |
option |
- |
enable |
||||||||
|
|
|||||||||||
serial-number |
Serial number. |
user |
Not Specified |
|
||||||||
fmg |
IP address or FQDN of the FortiManager. |
user |
Not Specified |
|
||||||||
fmg-source-ip |
IPv4 source address that this FortiGate uses when communicating with FortiManager. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
fmg-source-ip6 |
IPv6 source address that this FortiGate uses when communicating with FortiManager. |
ipv6-address |
Not Specified |
:: |
||||||||
local-cert |
Certificate to be used by FGFM protocol. |
string |
Maximum length: 35 |
|
||||||||
ca-cert |
CA certificate to be used by FGFM protocol. |
user |
Not Specified |
|
||||||||
vdom |
Virtual domain (VDOM) name to use when communicating with FortiManager. |
string |
Maximum length: 31 |
root |
||||||||
fmg-update-port |
Port used to communicate with FortiManager that is acting as a FortiGuard update server. |
option |
- |
8890 |
||||||||
|
|
|||||||||||
include-default-servers |
Enable/disable inclusion of public FortiGuard servers in the override server list. |
option |
- |
enable |
||||||||
|
|
|||||||||||
enc-algorithm |
Encryption strength for communications between the FortiGate and central management. |
option |
- |
high |
||||||||
|
|
|||||||||||
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||
|
|
|||||||||||
interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
config server-list
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
server-type |
FortiGuard service type. |
option |
- |
|
||||||||
|
|
|||||||||||
addr-type |
Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. |
option |
- |
ipv4 |
||||||||
|
|
|||||||||||
server-address |
IPv4 address of override server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
server-address6 |
IPv6 address of override server. |
ipv6-address |
Not Specified |
:: |
||||||||
fqdn |
FQDN address of override server. |
string |
Maximum length: 255 |
|