Configuring FortiManager
When a FortiManager device is added to the Security Fabric, it automatically synchronizes with any connected downstream devices.
To add a FortiManager to the Security Fabric, configure it on the root FortiGate. The root FortiGate then pushes this configuration to downstream FortiGate devices. The FortiManager provides remote management of FortiGate devices over TCP port 541. The FortiManager must have internet access for it to join the Security Fabric.
Once configured, the FortiGate can receive antivirus and IPS updates, and allows remote management through FortiManager or the FortiGate Cloud service. The FortiGate management option must be enabled so that the FortiGate can accept management updates to its firmware and FortiGuard services.
To add a FortiManager to the Security Fabric using the CLI:
config system central-management
set type fortimanager
set fmg {<IP_address> | <FQDN_address>}
end
To add a FortiManager to the Security Fabric using the GUI:
- On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the FortiManager card.
- For Status, click Enable.
- For Type, click On-Premise.
- Enter the IP/Domain Name of the FortiManager.
- Click OK.
- On the FortiManager, go to Device Manager and find the FortiGate in the Unauthorized Devices list.
- Select the FortiGate device or devices, and click Authorize in the toolbar.
- In the Authorize Device pop-up, adjust the device names as needed, then click OK.
For more information about using FortiManager, see the FortiManager Administration Guide.