Document
Library
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiProxy
NOC & SOC Management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
/
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
/
FortiVoice Cloud
FortiRecorder
/
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
/
FortiWeb Cloud
FortiADC
/
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
/
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
/
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
/
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Curated links by solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Define, Design, Deploy, Demo
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Search documents and hardware ...
Administration Guide
Setting up FortiManager
Connecting to the GUI
Security considerations
Restricting GUI access by trusted host
Other security considerations
GUI overview
Panes
Color themes
Full-screen mode
Switching between ADOMs
Using the right-click menu
Avatars
Showing and hiding passwords
FortiAnalyzer Features
Enable or disable FortiAnalyzer features
Configuring FortiManager appliances
Adding devices
Installing to managed devices
Enabling central management
Monitoring managed devices
Restarting and shutting down
FortiManager Key Concepts
FortiManager modules
Modules for FortiAnalyzer feature set
Object database and FortiManager modules
Inside the FortiManager system
Communication protocols and devices
Object database and devices
ADOMs and devices
Operations
Key features of the FortiManager system
Security Fabric
Configuration revision control and tracking
Centralized management
Administrative domains
Local FortiGuard service provisioning
Firmware management
Scripting
Logging and reporting
Fortinet device life cycle management
Firewall Devices
ADOMs
Adding devices
Adding devices using the wizard
Adding a device using Discover mode
Adding a model device
Authorizing devices
Hiding unauthorized devices
Example of adding a model device by pre-shared key
Example of adding a model device by serial number
Add a VDOM to a device
Adding a Security Fabric group
Import policy wizard
Adding FortiAnalyzer devices
Adding FortiAnalyzer devices with the wizard
Viewing policy rules
Importing devices
Importing detected devices
Importing and exporting device lists
Configuring devices
Configuring a device
Firewall policy reordering on first installation
Out-of-Sync device
Configuring VDOMs
Creating and editing virtual domains
Configuring inter-VDOM routing
Deleting a virtual domain
Using the device dashboard
View system dashboard for managed/logging devices
To view the dashboard for managed/logging devices:
Dashboard toolbar
Display Options
View system interfaces
CLI Configurations menu
System dashboard widgets
Installing to devices
Using the Install Wizard to install policy packages and device settings
Using the Install Wizard to install device settings only
View a policy package diff
Managing devices
Using the quick status bar
Customizing columns
Refreshing a device
Editing device information
Deleting a device
Replacing a managed device
Setting unauthorized device options
Using the CLI console for managed devices
Displaying Security Fabric topology
Manage Devices from Map View
Managing device configurations
View configurations for device groups
Checking device configuration status
Managing configuration revision history
Downloading and importing a configuration file
Comparing different configuration files
Device groups
Default device groups
Add device groups
Manage device groups
Firmware
View firmware for device groups
Upgrade firmware for device groups
Firmware Management
Automatic multi-step firmware upgrade on FortiGate
Managed devices pull firmware from FortiGuard
License
View licenses for device groups
License Management
Add-on license
Provisioning Templates
System templates
Threat Weight templates
Certificate templates
Scripts
Enabling scripts
Configuring scripts
Run a script
Add a script
Edit a script
Clone a script
Delete a script
Export a script
Import a script
Schedule a script
CLI script group
Script syntax
Script history
Script samples
CLI scripts
Tcl scripts
Use Tcl script to access FortiManager’s device database or ADOM database
SD-WAN
Enabling central SD-WAN management
Interface members
SD-WAN templates
Health-Check Servers
Assigned devices
Monitor SD-WAN
IPsec VPN Wizard
Configure BGP Neighbor
FortiExtender
To edit a FortiExtender:
FortiMeter
FortiOS VMs
FortiWeb VMs
Overview
Points
Authorizing metered VMs
Authorizing FortiOS VMs
Authorizing FortiWeb VMs
Monitoring VMs
FortiGate chassis devices
Viewing chassis dashboard
Firewall Policy & Objects
About policies
Policy theory
Global policy packages
Policy workflow
Provisioning new devices
Day-to-day management of devices
Display options
Managing policy packages
Create new policy packages
Create new policy package folders
Edit a policy package or folder
Clone a policy package
Remove a policy package or folder
Assign a global policy package
Install a policy package
Reinstall a policy package
Schedule a policy package install
Export a policy package
Policy package installation targets
Perform a policy consistency check
View logs related to a policy rule
Find and replace objects
Managing policies
Column options
Policy search and filter
Policy hit count
Policy Lookup
Creating policies
Editing policies
Object selector
Drag and drop objects
Install policies only to specific devices
Configuring policy details
Creating Policy Blocks
IP policies
Create New Firewall Policy
Create New Security Policy
Virtual wire pair policy
NAT policies
Proxy policy
Central SNAT
Central DNAT
DoS policies
Interface policies
Multicast policy
Local in policies
Traffic shaping policy
Managing objects and dynamic objects
Create a new object
Color code an object
Support FQDN address objects in firewall policies
Creating an IPv6 Address Template
Promote an Object to Global Database
Map a dynamic ADOM object
Map a dynamic device object
Create a Local Certificate
Create a VPN Tunnel
Map a dynamic device group
Remove an object
Edit an object
Push to device
Clone an object
Search objects
Find unused objects
Find and merge duplicate objects
Export signatures to CSV file format
CLI Configurations
FortiToken configuration example
FSSO user groups
Interface mapping
VIP mapping
Modify existing interface-zone mapping
Create a new shaping profile
ADOM revisions
Fabric View
Security Fabric Topology
Physical Topology
Logical Topology
Filter Topology Views
Search Topology Views
Security Rating
Enabling the Security Rating tab
Viewing Security Fabric Ratings
Fabric Connectors
SDN
Creating ACIÂ fabric connectors
Creating AWSÂ fabric connectors
Creating Microsoft Azure fabric connectors
Creating VMware NSXÂ fabric connectors
Creating VMware NSX-T connector
Creating Nuage fabric connectors
Importing address names to fabric connectors
Configuring dynamic firewall addresses for fabric connectors
Configuring virtual wire pairs
Creating Horizon connector
Creating Oracle Cloud Infrastructure (OCI) connector
Creating VMWare ESXi connector
Creating Kubernetes connector
Creating Alibaba Cloud Service connector
Creating Google Cloud Platform connector
Threat Feeds
Creating threat feed connectors
SSO/Identity
Creating Active Directory connectors
Creating FSSO connectors
Creating RADIUSÂ connectors
Creating Cisco pxGrid connector
Creating ClearPass connector
Creating VMware NSX-TÂ connector
SOC Monitoring
Monitors
Device Status
Using the Monitors dashboard
Customizing the Monitors dashboard
VPN
Overview
Enabling central VPN management
DDNS support
VPN Setup Wizard supports device groups
IPsec VPN Communities
Managing IPsec VPN communities
Creating IPsec VPN communities
VPN community settings
View IPsec VPN community details
Editing an IPsec VPN community
Deleting VPN communities
Monitoring IPsec VPN tunnels
Map View
IPsec VPN gateways
Managing VPN gateways
Creating managed gateways
Creating external gateways
Editing an IPsec VPN gateway
Deleting VPN gateways
VPN security policies
Defining policy addresses
Defining security policies
SSL VPN
Manage SSL VPNs
Creating SSL VPNs
Editing SSL VPNs
Deleting SSL VPNs
Portal profiles
Creating SSL VPN portal profiles
Predefined bookmarks
Editing portal profiles
Deleting portal profiles
Monitor SSL VPNs
Access Points
Managed APs
Quick status bar
Managing APs
FortiAP groups
Authorizing and deauthorizing FortiAP devices
Assigning profiles to FortiAP devices
Rogue APs
Connected clients
Monitor
Clients Monitor
Health Monitor
Map view
Google map
Floor map
WiFi profiles
AP profiles
SSIDs
Creating SSIDs
WIDS profiles
Bluetooth profiles
QoS profiles
Bonjour profiles
FortiSwitch Manager
Managed Switches
Quick status bar
Managing FortiSwitches
Editing switches
Deleting switches
Authorizing and deauthorizing FortiSwitch devices
Upgrading firmware for managed switches
Using zero-touch deployment for FortiSwitch
Installing changes to managed switches
Monitor
FortiSwitch Templates for central management
Enabling FortiSwitch central management
FortiSwitch Templates
Accessing FortiSwitch templates
Creating FortiSwitch templates
Importing FortiSwitch templates
Creating FortiSwitch VLANs
FortiSwitch security policies
Creating FortiSwitch security policies
Assigning templates to FortiSwitch devices
FortiSwitch Profiles for per-device management
Enabling per-device management
FortiSwitch profiles
Creating VLANs
Creating security policies
Creating LLDP profiles
Creating QoS policies
Configuring a port on a single FortiSwitch
Endpoint Compliance
How FortiManager fits into endpoint compliance
FortiTelemetry
Viewing devices
Enabling FortiTelemetry on interfaces
Enabling endpoint control on interfaces
Assigning FortiClient profile packages to devices
Monitor
Monitoring FortiClient endpoints
Monitoring FortiClient endpoints by compliance status
Monitoring FortiClient endpoints by interface
Exempting non-compliant FortiClient endpoints
FortiClient profiles
Viewing profile packages
Viewing FortiClient profiles
Creating FortiClient profile packages
Creating FortiClient profiles
Editing FortiClient profiles
Deleting FortiClient profiles
Importing FortiClient profiles
Assigning profile packages
Device Firmware and Security Updates
Settings
Connecting the built-in FDS to the FDN
Operating as an FDS in a closed network
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unauthorized devices
Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS
Configuring FortiGuard services
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
Scheduling updates
Accessing public FortiGuard web and email filter servers
Logging events related to FortiGuard services
Logging FortiGuard antivirus and IPS updates
Logging FortiGuard web or email filter events
Restoring the URL or antispam database
Licensing status
Package management
Receive status
Service status
Exporting packages example
Importing packages example
Query server management
Receive status
Query status
Exporting web filter databases example
Importing web filter databases example
Firmware images
Locks for Restricting Configuration Changes
Normal mode
Enable normal mode
Locking an ADOM
Locking a device
Locking a policy package
Workflow mode
Enable workflow mode
Workflow approval
Workflow sessions
Starting a workflow session
Saved sessions
View session diff
Discarding a session
Submitting a session
Approving or rejecting a session
Repairing a rejected session
Reverting a session
The session list
System Settings
Dashboard
Customizing the dashboard
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Migrating the configuration
System Resources widget
License Information widget
Unit Operation widget
Alert Messages Console widget
Log Receive Monitor widget
Insert Rate vs Receive Rate widget
Log Insert Lag Time widget
Receive Rate vs Forwarding Rate widget
Disk I/O widget
Logging Topology
Network
Configuring network interfaces
Disabling ports
Changing administrative access
Static routes
Packet capture
RAID Management
Supported RAID levels
Configuring the RAID level
Monitoring RAID status
Checking RAID from command line
Swapping hard disks
Adding hard disks
Administrative Domains
Default ADOMs
Organizing devices into ADOMs
Enabling and disabling the ADOM feature
ADOM device modes
ADOM modes
Creating backup ADOMs
Importing objects to backup ADOMs
Viewing read-only polices in backup ADOMs
Managing ADOMs
Creating ADOMs
Assigning devices to an ADOM
Assigning VDOMs to an ADOM
Assigning administrators to an ADOM
Editing an ADOM
Deleting ADOMs
ADOM versions
Global database version
Concurrent ADOM access
Locking an ADOM
Upgrading an ADOM
Certificates
Local certificates
CA certificates
Certificate revocation lists
Fetcher Management
Fetching profiles
Fetch requests
Synchronizing devices and ADOMs
Request processing
Fetch monitoring
Event Log
Event log filtering
Task Monitor
SNMP
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
SNMP MIBs
SNMP traps
Fortinet & FortiManager MIB fields
Mail Server
Syslog Server
Send local logs to syslog server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
File Management
Advanced Settings
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Restricted administrators
Web Filter
Intrusion Prevention
Application Control
Administrator profiles
Permissions
Creating administrator profiles
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
SAML admin authentication
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Two-factor authentication
Configuring FortiAuthenticator
Configuring FortiManager
High Availability
Synchronizing the FortiManager configuration and HA heartbeat
If the primary or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
GUI configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
Appendix A - Supported RFC Notes
Home
FortiManager 6.2.10
Administration Guide
6.2.10
7.6.0
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
Two-factor authentication
Two-factor authentication
To configure two-factor authentication for administrators you will need the following:
FortiManager
FortiAuthenticator
FortiToken
Previous
Next
Two-factor authentication
Two-factor authentication
To configure two-factor authentication for administrators you will need the following:
FortiManager
FortiAuthenticator
FortiToken
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Setting up FortiManager
Connecting to the GUI
Security considerations
Restricting GUI access by trusted host
Other security considerations
GUI overview
Panes
Color themes
Full-screen mode
Switching between ADOMs
Using the right-click menu
Avatars
Showing and hiding passwords
FortiAnalyzer Features
Enable or disable FortiAnalyzer features
Configuring FortiManager appliances
Adding devices
Installing to managed devices
Enabling central management
Monitoring managed devices
Restarting and shutting down
FortiManager Key Concepts
FortiManager modules
Modules for FortiAnalyzer feature set
Object database and FortiManager modules
Inside the FortiManager system
Communication protocols and devices
Object database and devices
ADOMs and devices
Operations
Key features of the FortiManager system
Security Fabric
Configuration revision control and tracking
Centralized management
Administrative domains
Local FortiGuard service provisioning
Firmware management
Scripting
Logging and reporting
Fortinet device life cycle management
Firewall Devices
ADOMs
Adding devices
Adding devices using the wizard
Adding a device using Discover mode
Adding a model device
Authorizing devices
Hiding unauthorized devices
Example of adding a model device by pre-shared key
Example of adding a model device by serial number
Add a VDOM to a device
Adding a Security Fabric group
Import policy wizard
Adding FortiAnalyzer devices
Adding FortiAnalyzer devices with the wizard
Viewing policy rules
Importing devices
Importing detected devices
Importing and exporting device lists
Configuring devices
Configuring a device
Firewall policy reordering on first installation
Out-of-Sync device
Configuring VDOMs
Creating and editing virtual domains
Configuring inter-VDOM routing
Deleting a virtual domain
Using the device dashboard
View system dashboard for managed/logging devices
To view the dashboard for managed/logging devices:
Dashboard toolbar
Display Options
View system interfaces
CLI Configurations menu
System dashboard widgets
Installing to devices
Using the Install Wizard to install policy packages and device settings
Using the Install Wizard to install device settings only
View a policy package diff
Managing devices
Using the quick status bar
Customizing columns
Refreshing a device
Editing device information
Deleting a device
Replacing a managed device
Setting unauthorized device options
Using the CLI console for managed devices
Displaying Security Fabric topology
Manage Devices from Map View
Managing device configurations
View configurations for device groups
Checking device configuration status
Managing configuration revision history
Downloading and importing a configuration file
Comparing different configuration files
Device groups
Default device groups
Add device groups
Manage device groups
Firmware
View firmware for device groups
Upgrade firmware for device groups
Firmware Management
Automatic multi-step firmware upgrade on FortiGate
Managed devices pull firmware from FortiGuard
License
View licenses for device groups
License Management
Add-on license
Provisioning Templates
System templates
Threat Weight templates
Certificate templates
Scripts
Enabling scripts
Configuring scripts
Run a script
Add a script
Edit a script
Clone a script
Delete a script
Export a script
Import a script
Schedule a script
CLI script group
Script syntax
Script history
Script samples
CLI scripts
Tcl scripts
Use Tcl script to access FortiManager’s device database or ADOM database
SD-WAN
Enabling central SD-WAN management
Interface members
SD-WAN templates
Health-Check Servers
Assigned devices
Monitor SD-WAN
IPsec VPN Wizard
Configure BGP Neighbor
FortiExtender
To edit a FortiExtender:
FortiMeter
FortiOS VMs
FortiWeb VMs
Overview
Points
Authorizing metered VMs
Authorizing FortiOS VMs
Authorizing FortiWeb VMs
Monitoring VMs
FortiGate chassis devices
Viewing chassis dashboard
Firewall Policy & Objects
About policies
Policy theory
Global policy packages
Policy workflow
Provisioning new devices
Day-to-day management of devices
Display options
Managing policy packages
Create new policy packages
Create new policy package folders
Edit a policy package or folder
Clone a policy package
Remove a policy package or folder
Assign a global policy package
Install a policy package
Reinstall a policy package
Schedule a policy package install
Export a policy package
Policy package installation targets
Perform a policy consistency check
View logs related to a policy rule
Find and replace objects
Managing policies
Column options
Policy search and filter
Policy hit count
Policy Lookup
Creating policies
Editing policies
Object selector
Drag and drop objects
Install policies only to specific devices
Configuring policy details
Creating Policy Blocks
IP policies
Create New Firewall Policy
Create New Security Policy
Virtual wire pair policy
NAT policies
Proxy policy
Central SNAT
Central DNAT
DoS policies
Interface policies
Multicast policy
Local in policies
Traffic shaping policy
Managing objects and dynamic objects
Create a new object
Color code an object
Support FQDN address objects in firewall policies
Creating an IPv6 Address Template
Promote an Object to Global Database
Map a dynamic ADOM object
Map a dynamic device object
Create a Local Certificate
Create a VPN Tunnel
Map a dynamic device group
Remove an object
Edit an object
Push to device
Clone an object
Search objects
Find unused objects
Find and merge duplicate objects
Export signatures to CSV file format
CLI Configurations
FortiToken configuration example
FSSO user groups
Interface mapping
VIP mapping
Modify existing interface-zone mapping
Create a new shaping profile
ADOM revisions
Fabric View
Security Fabric Topology
Physical Topology
Logical Topology
Filter Topology Views
Search Topology Views
Security Rating
Enabling the Security Rating tab
Viewing Security Fabric Ratings
Fabric Connectors
SDN
Creating ACIÂ fabric connectors
Creating AWSÂ fabric connectors
Creating Microsoft Azure fabric connectors
Creating VMware NSXÂ fabric connectors
Creating VMware NSX-T connector
Creating Nuage fabric connectors
Importing address names to fabric connectors
Configuring dynamic firewall addresses for fabric connectors
Configuring virtual wire pairs
Creating Horizon connector
Creating Oracle Cloud Infrastructure (OCI) connector
Creating VMWare ESXi connector
Creating Kubernetes connector
Creating Alibaba Cloud Service connector
Creating Google Cloud Platform connector
Threat Feeds
Creating threat feed connectors
SSO/Identity
Creating Active Directory connectors
Creating FSSO connectors
Creating RADIUSÂ connectors
Creating Cisco pxGrid connector
Creating ClearPass connector
Creating VMware NSX-TÂ connector
SOC Monitoring
Monitors
Device Status
Using the Monitors dashboard
Customizing the Monitors dashboard
VPN
Overview
Enabling central VPN management
DDNS support
VPN Setup Wizard supports device groups
IPsec VPN Communities
Managing IPsec VPN communities
Creating IPsec VPN communities
VPN community settings
View IPsec VPN community details
Editing an IPsec VPN community
Deleting VPN communities
Monitoring IPsec VPN tunnels
Map View
IPsec VPN gateways
Managing VPN gateways
Creating managed gateways
Creating external gateways
Editing an IPsec VPN gateway
Deleting VPN gateways
VPN security policies
Defining policy addresses
Defining security policies
SSL VPN
Manage SSL VPNs
Creating SSL VPNs
Editing SSL VPNs
Deleting SSL VPNs
Portal profiles
Creating SSL VPN portal profiles
Predefined bookmarks
Editing portal profiles
Deleting portal profiles
Monitor SSL VPNs
Access Points
Managed APs
Quick status bar
Managing APs
FortiAP groups
Authorizing and deauthorizing FortiAP devices
Assigning profiles to FortiAP devices
Rogue APs
Connected clients
Monitor
Clients Monitor
Health Monitor
Map view
Google map
Floor map
WiFi profiles
AP profiles
SSIDs
Creating SSIDs
WIDS profiles
Bluetooth profiles
QoS profiles
Bonjour profiles
FortiSwitch Manager
Managed Switches
Quick status bar
Managing FortiSwitches
Editing switches
Deleting switches
Authorizing and deauthorizing FortiSwitch devices
Upgrading firmware for managed switches
Using zero-touch deployment for FortiSwitch
Installing changes to managed switches
Monitor
FortiSwitch Templates for central management
Enabling FortiSwitch central management
FortiSwitch Templates
Accessing FortiSwitch templates
Creating FortiSwitch templates
Importing FortiSwitch templates
Creating FortiSwitch VLANs
FortiSwitch security policies
Creating FortiSwitch security policies
Assigning templates to FortiSwitch devices
FortiSwitch Profiles for per-device management
Enabling per-device management
FortiSwitch profiles
Creating VLANs
Creating security policies
Creating LLDP profiles
Creating QoS policies
Configuring a port on a single FortiSwitch
Endpoint Compliance
How FortiManager fits into endpoint compliance
FortiTelemetry
Viewing devices
Enabling FortiTelemetry on interfaces
Enabling endpoint control on interfaces
Assigning FortiClient profile packages to devices
Monitor
Monitoring FortiClient endpoints
Monitoring FortiClient endpoints by compliance status
Monitoring FortiClient endpoints by interface
Exempting non-compliant FortiClient endpoints
FortiClient profiles
Viewing profile packages
Viewing FortiClient profiles
Creating FortiClient profile packages
Creating FortiClient profiles
Editing FortiClient profiles
Deleting FortiClient profiles
Importing FortiClient profiles
Assigning profile packages
Device Firmware and Security Updates
Settings
Connecting the built-in FDS to the FDN
Operating as an FDS in a closed network
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unauthorized devices
Configure a FortiManager without Internet connectivity to access a local FortiManager as FDS
Configuring FortiGuard services
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
Scheduling updates
Accessing public FortiGuard web and email filter servers
Logging events related to FortiGuard services
Logging FortiGuard antivirus and IPS updates
Logging FortiGuard web or email filter events
Restoring the URL or antispam database
Licensing status
Package management
Receive status
Service status
Exporting packages example
Importing packages example
Query server management
Receive status
Query status
Exporting web filter databases example
Importing web filter databases example
Firmware images
Locks for Restricting Configuration Changes
Normal mode
Enable normal mode
Locking an ADOM
Locking a device
Locking a policy package
Workflow mode
Enable workflow mode
Workflow approval
Workflow sessions
Starting a workflow session
Saved sessions
View session diff
Discarding a session
Submitting a session
Approving or rejecting a session
Repairing a rejected session
Reverting a session
The session list
System Settings
Dashboard
Customizing the dashboard
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Migrating the configuration
System Resources widget
License Information widget
Unit Operation widget
Alert Messages Console widget
Log Receive Monitor widget
Insert Rate vs Receive Rate widget
Log Insert Lag Time widget
Receive Rate vs Forwarding Rate widget
Disk I/O widget
Logging Topology
Network
Configuring network interfaces
Disabling ports
Changing administrative access
Static routes
Packet capture
RAID Management
Supported RAID levels
Configuring the RAID level
Monitoring RAID status
Checking RAID from command line
Swapping hard disks
Adding hard disks
Administrative Domains
Default ADOMs
Organizing devices into ADOMs
Enabling and disabling the ADOM feature
ADOM device modes
ADOM modes
Creating backup ADOMs
Importing objects to backup ADOMs
Viewing read-only polices in backup ADOMs
Managing ADOMs
Creating ADOMs
Assigning devices to an ADOM
Assigning VDOMs to an ADOM
Assigning administrators to an ADOM
Editing an ADOM
Deleting ADOMs
ADOM versions
Global database version
Concurrent ADOM access
Locking an ADOM
Upgrading an ADOM
Certificates
Local certificates
CA certificates
Certificate revocation lists
Fetcher Management
Fetching profiles
Fetch requests
Synchronizing devices and ADOMs
Request processing
Fetch monitoring
Event Log
Event log filtering
Task Monitor
SNMP
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
SNMP MIBs
SNMP traps
Fortinet & FortiManager MIB fields
Mail Server
Syslog Server
Send local logs to syslog server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
File Management
Advanced Settings
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Restricted administrators
Web Filter
Intrusion Prevention
Application Control
Administrator profiles
Permissions
Creating administrator profiles
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
SAML admin authentication
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Two-factor authentication
Configuring FortiAuthenticator
Configuring FortiManager
High Availability
Synchronizing the FortiManager configuration and HA heartbeat
If the primary or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
GUI configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
Appendix A - Supported RFC Notes