Handling connection attempts from unregistered devices
The built-in FDS replies to FortiGuard update and query connections from devices registered with the device manager’s device list. If the FortiManager is configured to allow connections from unregistered devices, unregistered devices can also connect.
For example, you might choose to manage a FortiGate unit’s firmware and configuration locally (from its Web‑based Manager), but use the FortiManager system when the FortiGate unit requests FortiGuard Antivirus (AV) and Intrusion Protection (IPS) updates. In this case, the FortiManager system considers the FortiGate unit to be an unregistered device, and must decide how to handle the connection attempt. The FortiManager system will handle the connection attempt based on how it is configured. Connection attempt handling is only configurable via the CLI
To configure connection attempt handling:
2. Click inside the console to connect.
3. Enter the following CLI command to allow unregistered devices to be registered:
config fmsystem admin setting
set allow_register enable
end
4. To configure the system to add unregistered devices and allow service requests, enter the following CLI commands:
config fmsystem admin setting
set unreg_dev_opt add_allow_service
end
5. To configure the system to add unregistered devices but deny service requests, enter the following CLI commands:
config fmsystem admin setting
set unreg_dev_opt add_no_service
end
For more information, see the FortiManager CLI Reference.