CLI Reference

system management-tunnel

Use this command to configure the remote management tunnel required by some FortiGuard Analysis and Management Service remote administration features, such as the real-time monitor, and to choose which remote management actions the FortiGate unit allows from the FortiGuard Analysis and Management Service.

To complete remote management setup, also configure the settings that FortiGuard Analysis and Management Service requires, such as the service account ID. For details about enabling remote administration, and about remote management connections initiated by the FortiGate unit rather than by the FortiGuard Analysis and Management Service, see the system fortiguard command.

config system management-tunnel
    set status {enable | disable}   Enable/disable FGFM tunnel.
    set allow-config-restore {enable | disable}   Enable/disable allow config restore.
    set allow-push-configuration {enable | disable}   Enable/disable push configuration.
    set allow-push-firmware {enable | disable}   Enable/disable push firmware.
    set allow-collect-statistics {enable | disable}   Enable/disable collection of run time statistics.
    set authorized-manager-only {enable | disable}   Enable/disable restriction of authorized manager only.
    set serial-number {string}   Serial number.
end

Additional information

The following section is for those options that require additional explanation.

allow-collect-statistics {enable | disable}

Enable (default) or disable real-time monitor SNMP polls through the tunnel.

This option appears only if status is set to enable.

allow-config-restore {enable | disable}

Enable (default) or disable the ability to perform a remote restoration of a previous configuration.

This option appears only if status is set to enable.

allow-push-configuration {enable | disable}

Enable (default) or disable remote configuration.

This option appears only if status is set to enable.

allow-push-firmware {enable | disable}

Enable (default) or disable remote firmware upgrades.

This option appears only if status is set to enable.

authorized-manager-only {enable | disable}

Enable (default) or disable restricting remote management to the FortiManager units whose serial numbers you specified in serial-number.

This option appears only if status is set to enable.

serial-number <serial_numbers>

Enter up to five serial numbers of FortiManager units that are authorized to remotely manage this FortiGate unit. Separate multiple serial numbers with spaces.

This option appears only if status and authorized-manager-only are set to enable.

status {enable | disable}

Enable (default) or disable the SSL-secured management tunnel between the FortiGate unit and FortiGuard Analysis and Management Service.
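
Because every option above defaults to enable, a saved configuration that omits an option still permits that action. The following audit sketch is an added example, not Fortinet code: it assumes a configuration backup uses the same config/set/end layout as the syntax shown above, and the findings it reports are its own review policy.

```python
# Defaults as this page states them: every option is "enable" unless changed.
DEFAULTS = {
    "status": "enable",
    "allow-config-restore": "enable",
    "allow-push-configuration": "enable",
    "allow-push-firmware": "enable",
    "allow-collect-statistics": "enable",
    "authorized-manager-only": "enable",
    "serial-number": [],
}
PUSH_ACTIONS = ("allow-config-restore", "allow-push-configuration", "allow-push-firmware")

def effective_settings(config_text):
    """Parse the management-tunnel block and fill in defaults for unset options."""
    settings, in_block = dict(DEFAULTS), False
    for line in config_text.splitlines():
        words = line.split()
        if words == ["config", "system", "management-tunnel"]:
            in_block = True
        elif in_block and words == ["end"]:
            break
        elif in_block and len(words) >= 3 and words[0] == "set" and words[1] in DEFAULTS:
            values = [w.strip('"') for w in words[2:]]  # backups may quote strings
            settings[words[1]] = values if words[1] == "serial-number" else values[0]
    return settings

def audit(config_text):
    """Return review findings (this example's own policy, not Fortinet guidance)."""
    s = effective_settings(config_text)
    if s["status"] == "disable":
        return []  # tunnel off: the remaining options do not apply
    findings = []
    if s["authorized-manager-only"] == "disable":
        findings.append("authorized-manager-only disabled: no serial-number restriction")
    elif not s["serial-number"]:
        findings.append("authorized-manager-only enabled but serial-number is empty")
    elif len(s["serial-number"]) > 5:
        findings.append("serial-number lists more than five units")
    findings += [f"{a} enabled: action permitted through the tunnel"
                 for a in PUSH_ACTIONS if s[a] == "enable"]
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """config system management-tunnel
    set allow-push-firmware disable
    set authorized-manager-only disable
end"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```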