CLI Reference

config system central-management

Configure central management.

config system central-management
    Description: Configure central management.
    set mode [normal|backup]
    set type [fortimanager|fortiguard|...]
    set fortigate-cloud-sso-default-profile {string}
    set schedule-config-restore [enable|disable]
    set schedule-script-restore [enable|disable]
    set allow-push-configuration [enable|disable]
    set allow-push-firmware [enable|disable]
    set allow-remote-firmware-upgrade [enable|disable]
    set allow-monitor [enable|disable]
    set serial-number {user}
    set fmg {user}
    set fmg-source-ip {ipv4-address}
    set fmg-source-ip6 {ipv6-address}
    set local-cert {string}
    set ca-cert {user}
    set vdom {string}
    config server-list
        Description: Additional servers that the FortiProxy can use for updates (for AV, IPS, updates) and ratings (for web filter and antispam ratings).
        edit <id>
            set server-type {option1}, {option2}, ...
            set addr-type [ipv4|ipv6|...]
            set server-address {ipv4-address}
            set server-address6 {ipv6-address}
            set fqdn {string}
        next
    end
    set fmg-update-port [8890|443]
    set include-default-servers [enable|disable]
    set enc-algorithm [default|high|...]
    set interface-select-method [auto|sdwan|...]
    set interface {string}
end

config system central-management

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| mode | Central management mode. Options: normal = Manage and configure this FortiProxy from FortiManager; backup = Manage and configure this FortiProxy locally and back up its configuration to FortiManager. | option | - | normal |
| type | Central management type. Options: fortimanager = FortiManager; fortiguard = Central management of this FortiProxy using FortiCloud; none = No central management. | option | - | none |
| fortigate-cloud-sso-default-profile | Override access profile. | string | Maximum length: 35 | |
| schedule-config-restore | Enable/disable allowing the central management server to restore the configuration of this FortiProxy. Options: enable = Enable scheduled configuration restore; disable = Disable scheduled configuration restore. | option | - | enable |
| schedule-script-restore | Enable/disable allowing the central management server to restore the scripts stored on this FortiProxy. Options: enable = Enable scheduled script restore; disable = Disable scheduled script restore. | option | - | enable |
| allow-push-configuration | Enable/disable allowing the central management server to push configuration changes to this FortiProxy. Options: enable = Enable push configuration; disable = Disable push configuration. | option | - | enable |
| allow-push-firmware | Enable/disable allowing the central management server to push firmware updates to this FortiProxy. Options: enable = Enable push firmware; disable = Disable push firmware. | option | - | enable |
| allow-remote-firmware-upgrade | Enable/disable remotely upgrading the firmware on this FortiProxy from the central management server. Options: enable = Enable remote firmware upgrade; disable = Disable remote firmware upgrade. | option | - | enable |
| allow-monitor | Enable/disable allowing the central management server to remotely monitor this FortiProxy unit. Options: enable = Enable remote monitoring of device; disable = Disable remote monitoring of device. | option | - | enable |
| serial-number | Serial number. | user | Not Specified | |
| fmg | IP address or FQDN of the FortiManager. | user | Not Specified | |
| fmg-source-ip | IPv4 source address that this FortiProxy uses when communicating with FortiManager. | ipv4-address | Not Specified | 0.0.0.0 |
| fmg-source-ip6 | IPv6 source address that this FortiProxy uses when communicating with FortiManager. | ipv6-address | Not Specified | :: |
| local-cert | Certificate to be used by FGFM protocol. | string | Maximum length: 35 | |
| ca-cert | CA certificate to be used by FGFM protocol. | user | Not Specified | |
| vdom | Virtual domain (VDOM) name to use when communicating with FortiManager. | string | Maximum length: 31 | root |
| fmg-update-port | Port used to communicate with FortiManager that is acting as a FortiGuard update server. Options: 8890 = Use port 8890 to communicate with FortiManager that is acting as a FortiGuard update server; 443 = Use port 443 to communicate with FortiManager that is acting as a FortiGuard update server. | option | - | 8890 |
| include-default-servers | Enable/disable inclusion of public FortiGuard servers in the override server list. Options: enable = Enable inclusion of public FortiGuard servers in the override server list; disable = Disable inclusion of public FortiGuard servers in the override server list. | option | - | enable |
| enc-algorithm | Encryption strength for communications between the FortiProxy and central management. Options: default = High strength algorithms and medium-strength 128-bit key length algorithms; high = 128-bit and larger key length algorithms; low = 64-bit or 56-bit key length algorithms without export restrictions. | option | - | high |
| interface-select-method | Specify how to select outgoing interface to reach server. Options: auto = Set outgoing interface automatically; sdwan = Set outgoing interface by SD-WAN or policy routing rules; specify = Set outgoing interface manually. | option | - | auto |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |

config server-list

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| server-type | FortiGuard service type. Options: update = AV, IPS, and AV-query update server; rating = Web filter and anti-spam rating server; iot-query = IoT query server; iot-collect = IoT device collection server. | option | - | |
| addr-type | Indicate whether the FortiProxy communicates with the override server using an IPv4 address, an IPv6 address or a FQDN. Options: ipv4 = IPv4 address; ipv6 = IPv6 address; fqdn = FQDN. | option | - | ipv4 |
| server-address | IPv4 address of override server. | ipv4-address | Not Specified | 0.0.0.0 |
| server-address6 | IPv6 address of override server. | ipv6-address | Not Specified | :: |
| fqdn | FQDN address of override server. | string | Maximum length: 255 | |
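
Added example (not part of the Fortinet reference): a Python check that parses a `config system central-management` dump, fills unset keys with the defaults listed in the tables above, and reports settings a reviewer may want to look at. The findings policy, the function names `parse_block` and `audit`, and the sample values are assumptions made for illustration.

```python
import shlex

# Defaults taken from the parameter tables on this page; unset keys keep them.
DEFAULTS = {"type": "none", "enc-algorithm": "high", "include-default-servers": "enable"}
# addr-type -> (field that carries the override address, that field's default)
ADDR_FIELD = {"ipv4": ("server-address", "0.0.0.0"),
              "ipv6": ("server-address6", "::"), "fqdn": ("fqdn", "")}

def parse_block(text):
    """Parse one central-management block into (settings, server-list entries)."""
    settings, servers, entry = dict(DEFAULTS), [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # strips quotes; blank lines are no-ops
        if tok[0] == "edit" and len(tok) > 1:
            entry = {"id": tok[1], "addr-type": "ipv4"}  # ipv4 is the default
        elif tok[0] == "next" and entry is not None:
            servers.append(entry)
            entry = None
        elif tok[0] == "set" and len(tok) > 2:
            (settings if entry is None else entry)[tok[1]] = " ".join(tok[2:])
    return settings, servers

def audit(text):
    """Return findings under an assumed local policy (not a Fortinet rule set)."""
    cfg, servers = parse_block(text)
    findings = []
    if cfg["enc-algorithm"] == "low":
        findings.append("enc-algorithm low: 64-bit or 56-bit key lengths")
    if cfg["type"] == "fortimanager" and not cfg.get("ca-cert"):
        findings.append("ca-cert not set for FGFM")
    if servers and cfg["include-default-servers"] == "enable":
        findings.append("public FortiGuard servers still in override list")
    for s in servers:
        field, unset = ADDR_FIELD.get(s["addr-type"], ("?", None))
        if s.get(field, unset) == unset:
            findings.append(f"server-list {s['id']}: {s['addr-type']} address not set")
    return findings

# Constructed sample dump, not taken from a real device.
SAMPLE = """config system central-management
    set type fortimanager
    set enc-algorithm low
    config server-list
        edit 1
            set addr-type fqdn
        next
    end
end"""
```

Calling `audit(SAMPLE)` returns four findings: the low encryption setting, the unset CA certificate, the public servers left in the override list, and the server-list entry whose `addr-type` points at an empty `fqdn`.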
