Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiManager 7.0.0 New Features
    7.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.7
    6.2.3
    6.2.2
    6.2.1
    6.2.0

    Local FortiGuard Distribution Server enhancements 7.0.1

    Local FortiGuard Distribution Server enhancements 7.0.1

    The FortiGuard module includes several enhancements when FortiManager is used as a dedicated FortiGuard Distribution Server (FDS):

    FortiDeceptor and FortiTester

    You can now use FortiManager as a local FDS server for FortiDeceptor and FortiTester. Go to FortiGuard > Settings to view the FortiDeceptor and FortiTester options:

    You can also configure downloads for FortiDeceptor and FortiTester by using the CLI:

    config fmupdate fds-setting

    set system-support-fdc 3.x <---- new

    set system-support-fgt 6.4 7.0

    set system-support-fml 6.4

    set system-support-fsa 4.x 3.0 3.1 3.2 <---- version 4.0 is new

    set system-support-fts 4.x <---- new

    end

    Download prioritization

    When FortiManager is acting as a local FDS, you can prioritize downloads from FortiGuard to FortiManager by product and version and/or package. This is useful when you have limited network access.

    Before you can specify a priority list, you must enable products and versions for prioritization.

    To enable products and versions for prioritization:
    1. Go to FortiGuard > Settings.
    2. Under Enable AntiVirus and IPS Service, select the versions for each product, and click Apply.
    To enable product download prioritization:
    1. Go to FortiGuard > Download Prioritization, and toggle Enable by Product to ON.

    2. Add products to the priority list:
      1. In the toolbar, click Create New.

        The Create Download Prioritization dialog box is displayed.

      2. Beside Products, click the box, and select one or more products and versions, and click OK.

        The selected products are displayed in the product list.

      3. Click OK.

        The products are displayed in the priority list.

    3. Specify the download priority for products:
      1. Select one or more products, and click Move To.

        The Move To dialog box is displayed.

      2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected products in the priority list.
      3. Click OK.

        The products are moved, and the updated priority list is displayed.

        You can remove products from the priority list. Select one or more products, and click Delete.

    4. (Optional) Add packages to the priority list.
    To enable package download prioritization:
    1. Go to FortiGuard > Download Prioritization, and toggle Enable by Package to ON.
    2. Add packages to the priority list:
      1. In the toolbar, click Create New.

        The Create Download Prioritization dialog box is displayed.

      2. Beside Packages, click the box, and select one or more packages, and click OK.

        The selected packages are displayed in the packages list.

      3. Click OK.

        The packages are displayed in the priority list.

    3. Specify the download priority for the packages:
      1. Select one or more packages, and click Move To.

        The Move To dialog box is displayed.

      2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected packages in the priority list.
      3. Click OK.

        The packages are moved, and the updated priority list is displayed.

        You can remove packages from the priority list. Select one or more packages, and click Delete.

    4. (Optional) Add products and versions to the priority list.

    IoT packages

    The FortiGuard module now supports the download of packages for the Internet of Things (IoT) service. Following is a summary of how FortiManager handles the IoT packages:

    1. FortiManager downloads packages from FortiGuard.
    2. FortiManager merges the downloaded packages into Run Database.
    3. FortiManager provides the query service.
    Note

    Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.

    The following new options have been added to the diagnose command:

    diagnose fmupdate fgd-dbver [wf|as1|as2|as4|av-query|fq|av2|geoip|iots|iotr|iotm]

    diagnose fmupdate fgd-del-db [wf|as|av-query|file-query|av2|iot]

    Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:

    • iots: IoT single MAC database

      object ID: 00000000IOTS0000

      Contains IoT info with entry of a single MAC. Considered a delta object because each version contains parts of data, and FortiManager merges all valid data, which is the same as the URL query service.

    • iotr: IoT range MAC database

      object ID: 00000000IOTR0000

      Contains IoT info with entry of a MAC range. Considered a regular object, and FortiManager uses only the latest version.

    • iotm: IoT mapping database

      object ID: 00000000IOTR0000

      Regular object used to map the info data to strings in tag-length-value (TLV) format.

    To configure IoT package download:
    1. Enable Anycast on FortiManager:

      config fmupdate fds-setting

      set fortiguard-anycast enable

      end

    2. Enable download of IoT packages:

      config fmupdate service

      set query-iot enable

      end

    3. Configure downloading of IoT packages:

      config fmupdate web-spam fgd-setting

      set iot-log nofilequery

      set iot-preload enable

      set restrict-iots-dbver <string>

      end

    Previous
    Next

    Local FortiGuard Distribution Server enhancements 7.0.1

    Local FortiGuard Distribution Server enhancements 7.0.1

    The FortiGuard module includes several enhancements when FortiManager is used as a dedicated FortiGuard Distribution Server (FDS):

    FortiDeceptor and FortiTester

    You can now use FortiManager as a local FDS server for FortiDeceptor and FortiTester. Go to FortiGuard > Settings to view the FortiDeceptor and FortiTester options:

    You can also configure downloads for FortiDeceptor and FortiTester by using the CLI:

    config fmupdate fds-setting

    set system-support-fdc 3.x <---- new

    set system-support-fgt 6.4 7.0

    set system-support-fml 6.4

    set system-support-fsa 4.x 3.0 3.1 3.2 <---- version 4.0 is new

    set system-support-fts 4.x <---- new

    end

    Download prioritization

    When FortiManager is acting as a local FDS, you can prioritize downloads from FortiGuard to FortiManager by product and version and/or package. This is useful when you have limited network access.

    Before you can specify a priority list, you must enable products and versions for prioritization.

    To enable products and versions for prioritization:
    1. Go to FortiGuard > Settings.
    2. Under Enable AntiVirus and IPS Service, select the versions for each product, and click Apply.
    To enable product download prioritization:
    1. Go to FortiGuard > Download Prioritization, and toggle Enable by Product to ON.

    2. Add products to the priority list:
      1. In the toolbar, click Create New.

        The Create Download Prioritization dialog box is displayed.

      2. Beside Products, click the box, and select one or more products and versions, and click OK.

        The selected products are displayed in the product list.

      3. Click OK.

        The products are displayed in the priority list.

    3. Specify the download priority for products:
      1. Select one or more products, and click Move To.

        The Move To dialog box is displayed.

      2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected products in the priority list.
      3. Click OK.

        The products are moved, and the updated priority list is displayed.

        You can remove products from the priority list. Select one or more products, and click Delete.

    4. (Optional) Add packages to the priority list.
    To enable package download prioritization:
    1. Go to FortiGuard > Download Prioritization, and toggle Enable by Package to ON.
    2. Add packages to the priority list:
      1. In the toolbar, click Create New.

        The Create Download Prioritization dialog box is displayed.

      2. Beside Packages, click the box, and select one or more packages, and click OK.

        The selected packages are displayed in the packages list.

      3. Click OK.

        The packages are displayed in the priority list.

    3. Specify the download priority for the packages:
      1. Select one or more packages, and click Move To.

        The Move To dialog box is displayed.

      2. Beside To #, select Before or After, and click the box to use the up and down arrows to position the selected packages in the priority list.
      3. Click OK.

        The packages are moved, and the updated priority list is displayed.

        You can remove packages from the priority list. Select one or more packages, and click Delete.

    4. (Optional) Add products and versions to the priority list.

    IoT packages

    The FortiGuard module now supports the download of packages for the Internet of Things (IoT) service. Following is a summary of how FortiManager handles the IoT packages:

    1. FortiManager downloads packages from FortiGuard.
    2. FortiManager merges the downloaded packages into Run Database.
    3. FortiManager provides the query service.
    Note

    Downloads of IoT packages from FortiGuard to FortiManager are currently supported only when Anycast is enabled on FortiManager.

    The following new options have been added to the diagnose command:

    diagnose fmupdate fgd-dbver [wf|as1|as2|as4|av-query|fq|av2|geoip|iots|iotr|iotm]

    diagnose fmupdate fgd-del-db [wf|as|av-query|file-query|av2|iot]

    Use the diagnose fmupdate fgd-dbver command to view the following databases for IoT packages:

    • iots: IoT single MAC database

      object ID: 00000000IOTS0000

      Contains IoT info with entry of a single MAC. Considered a delta object because each version contains parts of data, and FortiManager merges all valid data, which is the same as the URL query service.

    • iotr: IoT range MAC database

      object ID: 00000000IOTR0000

      Contains IoT info with entry of a MAC range. Considered a regular object, and FortiManager uses only the latest version.

    • iotm: IoT mapping database

      object ID: 00000000IOTR0000

      Regular object used to map the info data to strings in tag-length-value (TLV) format.

    To configure IoT package download:
    1. Enable Anycast on FortiManager:

      config fmupdate fds-setting

      set fortiguard-anycast enable

      end

    2. Enable download of IoT packages:

      config fmupdate service

      set query-iot enable

      end

    3. Configure downloading of IoT packages:

      config fmupdate web-spam fgd-setting

      set iot-log nofilequery

      set iot-preload enable

      set restrict-iots-dbver <string>

      end

    Previous
    Next