FortiGate / FortiOS

FortiManager

FortiAnalyzer

Administration Guide

Setting up FortiManager
- Connecting to the GUI
  - FortiManager Setup wizard
  - Activating VM licenses
- Security considerations
- GUI overview
- FortiAnalyzer Features
  - Enable or disable FortiAnalyzer features
- Initial setup
- Restarting and shutting down
FortiManager Key Concepts
- Communication through protocols
- Configuration through Device Manager
- ADOMs and devices
- Operations
- Key features of the FortiManager system
Dashboard
- Customizing the dashboard
- System Information widget
- System Resources widget
- License Information widget
- Unit Operation widget
- Alert Messages Console widget
- Log Receive Monitor widget
- Insert Rate vs Receive Rate widget
- Log Insert Lag Time widget
- Receive Rate vs Forwarding Rate widget
- Disk I/O widget
- Device widgets
- Restart, shut down, or reset FortiManager
Device Manager
- ADOMs
- Device & Groups
- Scripts
- Provisioning Templates
- Firmware templates
- Monitors
- FortiGate chassis devices
  - Viewing chassis dashboard
Policy & Objects
- About policies
  - Policy theory
  - Global policy packages
- Policy workflow
  - Provisioning new devices
  - Day-to-day management of devices
- Feature visibility
- Managing policy packages
- Managing policies
- Using policy blocks
- Managing objects and dynamic objects
- ADOM revisions
- Changing object selection pane display mode
- Applying tags to address objects and policies
SD-WAN Manager
- SD-WAN Network
  - SD-WAN Devices
  - SD-WAN Monitor
- SD-WAN Templates
- SD-WAN overlay orchestration
- SD-WAN rules
- Upgrading FortiManager with SD-WAN devices and templates
AP Manager
- Managed FortiAPs
- WiFi Maps
  - Google map
  - Floor map
- WiFi profiles and settings for central management
- WiFi profiles and settings for per-device management
  - Enabling FortiAP per-device management
  - Creating profiles
VPN Manager
- Overview
- Enabling central VPN management
- DDNS support
- VPN Setup Wizard supports device groups
- IPsec VPN
- Agentless VPN
- VPN security policies
  - Defining policy addresses
  - Defining security policies
- VPN CLI configurations
FortiView
Fabric View
- Security Fabric Topology
- Security Rating
  - Viewing Security Fabric Ratings
  - Security Fabric score
- Fabric Connectors
  - Core Network Security
    - Creating FortiClient EMS connectors
  - Other Fortinet Products
    - Creating a FortiAIOps connector
    - Creating a FortiTelemetry agent connector
- External Connectors
- Cloud Orchestration
FortiAI
- Enabling administrator access to FortiAI
  - Role-based access control for FortiAI
- Using FortiAI
- FortiAI agents
- FortiAI data privacy
- FortiAI tokens
- FortiAI example tasks
- Submitting feedback for FortiAI
FortiGuard
- Device licenses
  - View licensing status
- Package management
- Query services
- Firmware images
- External resources
- Settings
- Using FortiManager as a local FDS
- Configuring FortiGuard services
- Logging events related to FortiGuard services
  - Logging FortiGuard antivirus and IPS updates
  - Logging FortiGuard web or email filter events
- Restoring the URL or antispam database
FortiSwitch Manager
- Managed FortiSwitches
- FortiSwitch central management
  - Enabling FortiSwitch central management
  - FortiSwitch Templates
- FortiSwitch per-device management
Extender Manager
- Managed extenders
  - Managing FortiExtender devices
- Extender profiles
  - FortiExtender profiles
  - Using Fortinet recommended extender profiles
- Data plans
- FortiExtender SSIDs
- Preview the JSON API or CLI script for Extender Manager configurations
System Settings
- Logging Topology
- Network
- RAID Management
- Administrative Domains (ADOMs)
- Fabric Management
- Certificates
- Event Log
  - Event log filtering
- Task Monitor
- Mail Server
- Syslog Server
  - Send local logs to syslog server
- Meta Fields
- Device logs
  - Configuring rolling and uploading of logs using the GUI
  - Configuring rolling and uploading of logs using the CLI
- Miscellaneous Settings
Administrators
- Trusted hosts
- Monitoring administrators
- Disconnecting administrators
- Managing administrator accounts
- Restricted administrators
- Administrator profiles
- Workspace settings
- Authentication
- Global administration settings
- Multi-factor authentication
  - Multi-factor authentication with FortiAuthenticator
    - Configuring FortiAuthenticator
    - Configuring FortiManager
  - Multi-factor authentication with FortiToken Cloud
High Availability
- Synchronizing the FortiManager configuration and HA heartbeat
- If the primary or a backup unit fails
- FortiManager HA cluster startup steps
- Configuring HA options
- Monitoring HA status
- Upgrading the FortiManager firmware for an operating cluster
Appendix A - Supported RFC Notes
Appendix B - Policy ID support
Appendix C - FortiManager Ansible Collection documentation
Appendix D - FortiAI token entitlements for FortiManager
Appendix E - VM license migration
Change Log

Home FortiManager 8.0.0 Administration Guide

8.0.0

Adding a VDOM to a managed FortiGate device

You can add a VDOM to a FortiGate by using the content pane or by using the device database. This topic describes how to use the content pane. For information on using the device database, see Device DB - System Virtual Domain.

The Multi VDOM mode allows you to create multiple VDOMs as per your license.

The number of VDOMs you can add is dependent on the device model. For more information, see the Maximum Values Table in the Fortinet Document Library.

To add a VDOM to a FortiGate device:

Go to Device Manager > Device & Groups.
In the toolbar, select Table View from the dropdown menu.
In the tree menu, click the group. The devices in the group are displayed in the content pane.
In the content pane, right-click a device and select Add VDOM.

The Create New Virtual Domain window opens.

Configure the following options, and click OK.

VDOM Name	Type a name for the new virtual domain.
Description	Optionally, enter a description of the VDOM.
Enable	Select to enable the VDOM.
Central SNAT	Toggle ON to enable, and toggle OFF to disable.
Operation Mode	Select either NAT or Transparent.
NGFW Mode	Select either Profile-based or Policy-based.
VDOM Type	Select the VDOM type as either Traffic or Admin. For more information on VDOM types, see the FortiGate / FortiOS Administration Guide.
Interface Members	Click to select each port one by one.
Management IP Address 1 / 2	Type the management IP addresses and network masks for the VDOM. This setting is only available when Operation Mode is Transparent.
Gateway	Type the gateway IP address. This setting is only available when Operation Mode is Transparent.

Kubernetes Service must be enabled on the server side for AWS, Azure, OCI and, GCP for Kubernetes to function for the particular cloud platform. Once the service is enabled, Kubernetes can be configured for the particular cloud platform in FortiManager.