After you configure the FortiManager device, you should plan the network topology, configure ADOMs, configure administrative accounts, and then add the devices that you want to manage.
The number of devices that can be managed depends on the device model and license. An add-on license can be purchased for some high end devices to increase that number of device that can be managed. See Add-on license for more information.
It is recommended that you import the policy from the device when you add the device to FortiManager. FortiManager uses the imported policy to automatically create a policy package for that device.
- Plan your network topology.
- Configure administrative domains. See Administrative Domains.
- Configure administrator accounts. See Managing administrator accounts.
- Add devices to FortiManager. See Adding devices.
- If not done when you added the device, import the policy from each online device to FortiManager. See Import policy wizard.
A policy package is automatically created for the device based on the policy. You can view the policy package on the Policy & Objects pane.
After initially importing policies from the device, all changes related to policies and objects should be made in Policy & Objects on the FortiManager.
Making changes directly on the FortiGate device will require reimporting policies to resynchronize the policies and objects.
When initially adding a device to a FortiManager, there are several steps that should be followed before the FortiGate is considered synchronized.
1. Ensure a policy package is assigned to this device using Import Policy.
2. Perform an Install Policy Package to ensure that FortiGate and FortiManager are properly synchronized.
As a result, the Config Status and Policy Package Status will show as Synchronized.
The above procedure does not apply to the Backup Mode.
Ensuring that a FortiGate is synchronized sets a good foundation for future configuration changes to be pushed to the FortiGate.