system : central-management
 
central-management
Use this command to configure a central management server for this FortiGate unit. Central management uses a remote server to backup, restore configuration, and monitor the FortiGate unit. The remote server can be either a FortiManager or a FortiGuard server.
This command replaces the config system fortimanager command from earlier versions.
Syntax
config system central-management
set mode {normal | backup}
set type {fortiguard | fortimanager }
set schedule-config-restore {enable | disable}
set schedule-script-restore {enable | disable}
set allow-monitor {enable | disable}
set allow-push-configuration {enable | disable}
set allow-pushd-firmware {enable | disable}
set allow-remote-firmware-upgrade {enable | disable}
set enc-algorithm {default | high | low}
set fmg <fmg_ipv4>
set fmg-source-ip <address_ipv4>
set fmg-source-ip6 <address_ipv6>
set include-default-servers {enable | disable}
set use-elbc-vdom {enable | disable}
set vdom <name_string>
config server-list
edit <id>
set server-address <IPv4_addr>
set server-type {rating | update}
end
end
Variable
Description
Default
mode {normal | backup}
Select the mode:
normal — normal central management mode
backup — backup central management mode
normal
type {fortiguard | fortimanager }
Select the type of management server as one of - fortiguard or fortimanager. You can enable remote management from a FortiManager unit or the FortiGuard Analysis and Management Service.
fortimanager
schedule-config-restore {enable | disable}
Select to enable scheduling the restoration of your FortiGate unit’s configuration.
enable
schedule-script-restore {enable | disable}
Select to enable the restoration of your FortiGate unit’s configuration through scripts.
enable
allow-monitor {enable | disable}
Select to allow the remote service to monitor your FortiGate unit.
enable
allow-push-configuration {enable | disable}
Select to enable firmware image push updates for your FortiGate unit.
enable
allow-pushd-firmware {enable | disable}
Select to enable push firmware.
enable
allow-remote-firmware-upgrade {enable | disable}
Select to allow the remote service to upgrade your FortiGate unit with a new firmware image.
enable
enc-algorithm {default | high | low}
Set encryption strength for communications between the FortiGate unit and FortiManager or FortiAnalyzer.
high — 128-bit and larger key length algorithms: DHE‑RSA‑AES256‑SHA, AES256‑SHA, EDH‑RSA‑DES‑CBC3‑SHA, DES‑CBC3‑SHA, DES‑CBC3‑MD5, DHE‑RSA‑AES128‑SHA, AES128‑SHA
low — 64-bit or 56-bit key length algorithms without export restrictions: EDH‑RSA‑DES‑CDBC‑SHA, DES‑CBC‑SHA, DES‑CBC‑MD5
default — high strength algorithms and these medium-strength 128-bit key length algorithms: RC4‑SHA, RC4‑MD5, RC4‑MD
default
fmg <fmg_ipv4>
Enter the IP address or FQDN of the remote FortiManager server.
null
fmg-source-ip <address_ipv4>
Enter the source IPv4 address to use when connecting to FortiManager.
0.0.0.0
fmg-source-ip6 <address_ipv6>
Enter the source IPv6 address to use when connecting to FortiManager.
::
include-default-servers {enable | disable}
Enable or disable inclusion of public FortiGuard servers in the override server list.
enable
use-elbc-vdom {enable | disable}
When enabled, FortiManager manages FortiGate through config sync vdom interface.
disable
vdom <name_string>
Enter the name of the vdom to use when communicating with the FortiManager unit.
This field is optional.
root
config server-list fields
server-address <IPv4_addr>
Enter the IP address of the server.
0.0.0.0
server-type {rating | update}
Choose the server type:
rating — Web filter or anti-spam rating server
update — AV, IPS, or AV-query server
null