config system central-management
Configure central management.
config system central-management
Description: Configure central management.
set allow-monitor [enable|disable]
set allow-push-configuration [enable|disable]
set allow-push-firmware [enable|disable]
set allow-remote-firmware-upgrade [enable|disable]
set allow-remote-lte-firmware-upgrade [enable|disable]
set ca-cert {user}
set enc-algorithm [default|high|...]
set fmg {user}
set fmg-source-ip {ipv4-address}
set fmg-source-ip6 {ipv6-address}
set fmg-update-port [8890|443]
set include-default-servers [enable|disable]
set interface {string}
set interface-select-method [auto|sdwan|...]
set local-cert {string}
set ltefw-upgrade-frequency [everyHour|every12hour|...]
set ltefw-upgrade-time {string}
set mode [normal|backup]
set schedule-config-restore [enable|disable]
set schedule-script-restore [enable|disable]
set serial-number {user}
config server-list
Description: Additional severs that the FortiGate can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings) servers.
edit <id>
set id {integer}
set server-type {option1}, {option2}, ...
set addr-type [ipv4|ipv6|...]
set server-address {ipv4-address}
set server-address6 {ipv6-address}
set fqdn {string}
next
end
set type [fortimanager|fortiguard|...]
set use-elbc-vdom [enable|disable]
set vdom {string}
end
config system central-management
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
allow-monitor |
Enable/disable allowing the central management server to remotely monitor this FortiGate |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
allow-push-configuration |
Enable/disable allowing the central management server to push configuration changes to this FortiGate. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
allow-push-firmware |
Enable/disable allowing the central management server to push firmware updates to this FortiGate. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
allow-remote-firmware-upgrade |
Enable/disable remotely upgrading the firmware on this FortiGate from the central management server. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
allow-remote-lte-firmware-upgrade * |
Enable/disable remotely upgrading the lte firmware on this FortiGate from the central management server. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
ca-cert |
CA certificate to be used by FGFM protocol. |
user |
Not Specified |
|
||||||||||
|
enc-algorithm |
Encryption strength for communications between the FortiGate and central management. |
option |
- |
high |
||||||||||
|
|
|
|||||||||||||
|
fmg |
IP address or FQDN of the FortiManager. |
user |
Not Specified |
|
||||||||||
|
fmg-source-ip |
IPv4 source address that this FortiGate uses when communicating with FortiManager. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||||
|
fmg-source-ip6 |
IPv6 source address that this FortiGate uses when communicating with FortiManager. |
ipv6-address |
Not Specified |
:: |
||||||||||
|
fmg-update-port |
Port used to communicate with FortiManager that is acting as a FortiGuard update server. |
option |
- |
8890 |
||||||||||
|
|
|
|||||||||||||
|
include-default-servers |
Enable/disable inclusion of public FortiGuard servers in the override server list. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
interface |
Specify outgoing interface to reach server. |
string |
Not Specified |
|
||||||||||
|
interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||||
|
|
|
|||||||||||||
|
local-cert |
Certificate to be used by FGFM protocol. |
string |
Not Specified |
|
||||||||||
|
ltefw-upgrade-frequency * |
Set LTE firmware auto pushdown frequency. |
option |
- |
|
||||||||||
|
|
|
|||||||||||||
|
ltefw-upgrade-time * |
Schedule next LTE firmware upgrade time (Local Time). Format: YYYY-MM-DD HH:MM:SS |
string |
Not Specified |
|
||||||||||
|
mode |
Central management mode. |
option |
- |
normal |
||||||||||
|
|
|
|||||||||||||
|
schedule-config-restore |
Enable/disable allowing the central management server to restore the configuration of this FortiGate. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
schedule-script-restore |
Enable/disable allowing the central management server to restore the scripts stored on this FortiGate. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
serial-number |
Serial number. |
user |
Not Specified |
|
||||||||||
|
type |
Central management type. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
use-elbc-vdom * |
Enable/disable use of special ELBC config sync VDOM to connect to FortiManager. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
vdom |
Virtual domain (VDOM) name to use when communicating with FortiManager. |
string |
Not Specified |
root |
||||||||||
* This parameter may not exist in some models.
config server-list
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
|
server-type |
FortiGuard service type. |
option |
- |
|
||||||||
|
|
|
|||||||||||
|
addr-type |
Indicate whether the FortiGate communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. |
option |
- |
ipv4 |
||||||||
|
|
|
|||||||||||
|
server-address |
IPv4 address of override server. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
server-address6 |
IPv6 address of override server. |
ipv6-address |
Not Specified |
:: |
||||||||
|
fqdn |
FQDN address of override server. |
string |
Not Specified |
|
||||||||