FortiManager can recognize a Security Fabric group of devices and display all units in the group on the Device Manager pane, and you can manage the units in the Security Fabric group as if they were a single device. See Adding a Security Fabric group.You can also display the security fabric topology (see Displaying Security Fabric topology) and view Security Fabric Ratings (see Fabric View).
Your FortiManager unit records and maintains the history of all configuration changes made over time. Revisions can be scheduled for deployment or rolled back to a previous configuration when needed.
FortiManager can centrally manage the configurations of multiple devices from a single console. Configurations can then be built in a central repository and deployed to multiple devices when required.
FortiManager can segregate management of large deployments by grouping devices into geographic or functional ADOMs. See Administrative Domains.
A FortiGate device can use the FortiManager unit for antivirus, intrusion prevention, web filtering, and email filtering to optimize performance of rating lookups, and definition and signature downloads. See Device Firmware and Security Updates.
FortiManager can centrally manage firmware images and schedule managed devices for upgrade.
FortiManager supports CLI or Tcl based scripts to simplify configuration deployments. See Scripts.
FortiManager can also be used to log traffic from managed devices and generate Structured Query Language (SQL) based reports. FortiManager also integrates FortiAnalyzer logging and reporting features.
The management tasks for devices in a Fortinet security infrastructure follow a typical life cycle:
- Deployment: An administrator completes configuration of the Fortinet devices in their network after initial installation.
- Monitoring: The administrator monitors the status and health of devices in the security infrastructure, including resource monitoring and network usage. External threats to your network infrastructure can be monitored and alerts generated to advise.
- Maintenance: The administrator performs configuration updates as needed to keep devices up-to-date.
- Upgrading: Virus definitions, attack and data leak prevention signatures, web and email filtering services, and device firmware images are all kept current to provide continuous protection for devices in the security infrastructure.