Change Log
Introduction
FortiManager features
FortiManager feature set
FortiAnalyzer feature set
About this document
FortiManager documentation
What’s New in FortiManager v5.0
FortiManager v5.0.7
Workflow mode
Advanced CLI menu
Centralized VPN status pages in Device Manager
FortiToken two-Factor authentication for admin log in
UUID support
Dynamic address group
Dynamic mapping management improvements
Object Web-based Manager enhancements
Central AP management improvements
Improved logging of script execution
Firmware version displayed is consistent with FortiOS
Update service to FortiWeb
FortiExtender support
Restricted Admin profiles
Flexible FortiGuard Distribution Server (FDS) override list management
Model device improvements
Enable the FortiAnalyzer feature set in the Web-based Manager
FortiSandbox support
FortiManager v5.0.6
Policy package locking
Import improvements
Policy & Objects display options improvement
Central WiFi management improvements
Central AP management improvements
FortiSandbox support
Summary of enhancements
FortiManager v5.0.5
Policy package scheduled install
Install summary page
Routing query in DVM table
VPN Console supports NAT device with a public IP feature
Enable/disable the FortiAnalyzer feature set
Manage FortiAnalyzer devices using the FG-FM protocol
View license status of managed devices
Summary of enhancements
FortiManager v5.0.4
ADOM firmware version support
System dashboard widgets
Templates
Summary of enhancements
FortiManager
Other
FortiManager v5.0.3
RAID Management page
FortiMail/FortiWeb logging and reporting support
ADOM for FortiCarrier
Event Management tab
FortiManager VM support for Microsoft Hyper-V Server
Summary of enhancements
FortiManager v5.0.2
FortiManager v5.0.1
Summary of enhancements
FortiManager v5.0.0
Device manager layout
ADOM properties
Device dashboard
Policy package status
Device profiles
Extend workspace to entire ADOM
Re-install
Bind zone to an address
Policy & Objects dual pane
Policy package
Objects
Policy package granularity
New administrators
Reports tab
Report templates
Advanced
Endpoint management
Advanced features improvements
JSON API improvements
Script Web-based Manager
Web portal developer SDK improvements
XML API improvements
High Availability takeover without reboot
IPv6 administration
Single interface zones
Summary of enhancements
Fortinet Management Theory
Key features of the FortiManager system
Configuration revision control and tracking
Centralized management
Administrative domains
Local FortiGuard service provisioning
Firmware management
Scripting
Logging and reporting
Fortinet device life cycle management
Inside the FortiManager system
Device Manager tab
Device Manager tab
Policy & Objects tab
System Settings tab
Inside the FortiManager device manager tab
Global ADOM layer
ADOM layer
Device manager layer
Using the Web-based Manager
System requirements
Supported web browsers
Monitor settings for Web-based Manager access
Connecting to the Web-based Manager
Web-based Manager overview
Viewing the Web-based Manager
Using the navigation pane
Configuring Web-based Manager settings
Changing the Web‑based Manager language
Administrative access
Restricting Web-based Manager access by trusted host
Changing the Web‑based Manager idle timeout
Other security considerations
Reboot and shutdown of the FortiManager unit
Administrative Domains
What is the best way to organize my devices using ADOMs?
What is the best way to organize my devices using ADOMs?
Enabling and disabling the ADOM feature
ADOM modes
Switching between ADOMs
Normal mode ADOMs
Backup mode ADOMs
ADOM versions
Managing ADOMs
Extend workspace to entire ADOM
Concurrent ADOM access
Adding an ADOM
Deleting an ADOM
Upgrading an ADOM
Assigning devices to an ADOM
ADOM device modes
Assigning administrators to an ADOM
Locking an ADOM
Workflow mode
Workflow Mode
Enable or disable workflow mode
Configure workflow permissions
Workflow sessions
System Settings
Dashboard
Customizing the dashboard
To move a widget
To add a widget
To reset the dashboard
To see the available options for a widget
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Creating a system checkpoint
Enable or disable FortiAnalyzer features
System Resource widget
License Information widget
Unit Operation widget
Alert Messages Console widget
CLI Console widget
Log Receive Monitor widget
Logs/Data Received widget
Statistics widget
All ADOMs
RAID management
Supported RAID levels
Hot swapping hard disks
Adding new disks
Network
Viewing the network interface list
Configuring network interfaces
Configuring static routes
Configuring IPv6 static routes
Diagnostic tools
High availability
Configuring HA options
Admin
Monitoring administrator sessions
Administrator
Using trusted hosts
Profile
Configuring administrator profiles
Remote authentication server
LDAP
RADIUS
TACACS+
Manage remote authentication servers
Administrator settings
Configure two-factor authentication for admin login
FortiAuthenticator side configuration
FortiManager side configuration
Certificates
Creating a local certificate
Importing certificates
Importing CRLs
Viewing certificate details
Downloading a certificate
Event log
Task monitor
Advanced
SNMP v1/v2c
Configuring the SNMP agent
Configuring an SNMP community
SNMP MIBs
SNMP traps
Fortinet & FortiManager MIB fields
Mail server
Syslog server
Meta fields
Device log settings
File management
Advanced settings
Restricted Admin Profiles
Restricted administrator accounts
FortiManager portal
Device Manager
Device Manager tab
Device Manager tab layout
Device policy package status
System templates
WiFi templates
FortiClient templates
Certificate templates
Extend workspace to entire ADOM
Re-install
Viewing managed device
Using column filters
View managed devices
Dashboard toolbar
Advanced CLI menu
Dashboard widgets
Zone & Interface
Log Setting
Unregistered devices
Administrative domains (ADOMs)
Managing devices
Adding a device
Replacing a managed device
View all managed devices from the CLI
Changing the serial number from the CLI
Editing device information
Refreshing a device
Install policy package and device settings
Importing and exporting device lists
Import text file general format
ADOM file format
Device file format
Group file format
Metadata file format
String transliterations
Example text files
Setting unregistered device options
Configuring devices
Configuring a device
Firewall policy reordering on first installation
Out-of-Sync device
Configuring virtual domains (VDOMs)
Creating and editing virtual domains
Configuring inter-VDOM routing
Configuring VDOM resource limits
Configuring VDOM global resources
Access points
FortiAP clients
Rogue APs
FortiExtender
Centrally managed
Working with device groups
Managing FortiGate chassis devices
Viewing chassis dashboard
Viewing the status of the FortiGate blades
Viewing the status of the power entry modules
Viewing fan tray status (FG-5140 and FG-5140B chassis only)
Viewing shelf manager status
Viewing shelf alarm panel (SAP) status
Using the CLI console for managed devices
Provisioning Templates
System Templates
WiFi Templates
SSIDs
Custom AP Profiles
WIDS Profile
FortiClient Templates
FortiClient Profiles
Threat Weight
Certificate Templates
FortiManager Wizards
Add device wizard
Launching the add device wizard
Add device wizard options
Discover
Import device
Add model device
Add a device using the add device wizard (Discovery mode)
Add a VDOM
Add a device using the add device wizard (Add model device)
Install wizard
Launching the install wizard
Install policy package and device settings
Device selection
Validation
Installation
Installing device settings (only)
Device selection
Validation
Installation
Installing interface policy (only)
Device selection
Validation
Installation
Import policy wizard
Zone map
Policy
Object
Import
Summary
Re-install policy
Device Configurations
Checking device configuration status
Managing configuration revision history
Downloading and importing a configuration file
Comparing different configuration files
Advanced Features
Scripting
Configuring scripts
Run a script
Add a script
Edit a script
Clone a script
Delete a script
Export a script
Import a script
Script history
Script samples
CLI scripts
CLI script samples
Error Messages
Troubleshooting Tips
TCL scripts
Limitations of FortiManager TCL
TCL variables
TCL loops
TCL decisions
Additional TCL Scripts
TCL file IO
Troubleshooting Tips
Configuring web portals
Creating a web portal
Configuring the web portal profile
Modifying the content and layout
Adding a logo
Portal preferences
Creating a portal user account
External users
Using the web portal
Using the Device Navigator
Policy & Objects
About policies
Policy theory
Global policy packages
Policy workflow
Provisioning new devices
Day-to-day management of devices
Display options
Managing policy packages
Lock an ADOM/Policy Package
Create a new policy package or folder
Remove a policy package or folder
Rename a policy package or folder
Install a policy package
Re-install a policy package
Schedule a policy package install
Export a policy package
Edit the installation targets for a policy package
Perform a policy consistency check
Managing policies
Lock an ADOM/Policy Package
Create a new policy or identity policy
Seq.# column right-click menu options
Source Interface column right-click menu options
Destination Interface column right-click menu options
Source column right-click menu options
Destination column right-click menu options
Schedule column right-click menu options
Service column right-click menu options
Authentication column right-click menu options
Action column right-click menu options
Profile column right-click menu options
Log column right-click menu options
NAT column right-click menu options
Install On column right-click menu options
Section right-click menu options
Interface Policy
Central NAT table
IPv6 Policy
IPv6 Interface Policy
DoS Policy
IPv6 DoS Policy
NAT46 Policy
NAT64 Policy
Explicit Proxy Policy
Insert a policy
Edit a policy
Clone a policy
Copy, cut, and paste a policy
Delete a policy
Add a section
Column settings and filters
Installation tab
ADOM revisions
Managing objects and dynamic objects
Lock an ADOM
Create a new object
Map a dynamic object
Remove an object
Edit an object
Clone an object
Search objects
Drag and drop objects
FortiToken configuration example
Central VPN Console
VPN topology
VPN gateway
VPN security policies
Defining policy addresses
Defining security policies
FortiView
FortiView
Top sources
Top applications
Top destinations
Top web sites
Top threats
Top cloud applications
Log view
Viewing log messages
Customizing the log view
Log display
Columns
Log Arrays
Custom views
Searching log messages
Examples
Download log messages
Log details
Archive
Browsing log files
Importing a log file
Downloading a log file
FortiClient logs
Configuring rolling and uploading of logs
Event Management
Events
Event details
Acknowledge events
Event handler
Manage event handlers
Reports
Reports
Import and export
Import and export
Report folders
Configuration tab
Advanced settings tab
Report cover pages
View report tab
Report layouts
Workspace settings
Sections
Elements
Headings
Text boxes
Images
Charts
Breaks
Chart library
Custom chart wizard
Step 1 of 3 - Choose data
Step 2 of 3 - Add filters
Step 3 of 3 - Preview
Managing charts
Macro library
Managing macros
Report calendar
Advanced
Dataset
Output profile
Language
FortiGuard Management
Advanced settings
FortiGuard antivirus and IPS settings
FortiGuard antivirus and IPS settings
FortiGuard web and email filter settings
Override FortiGuard server (Local FortiManager)
Connecting the built-in FDS to the FDN
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unregistered devices
Configuring FortiGuard services
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
FDN port numbers and protocols
Scheduling updates
Accessing public FortiGuard web and email filter servers
Logging events related to FortiGuard services
Logging FortiGuard antivirus and IPS updates
Logging FortiGuard web or email filter events
Restoring the URL or antispam database
Licensing status
Package management
Receive status
Deployed version
Update history
Service status
Query server management
Receive status
Update history
Query status
Firmware images
High Availability
HA overview
Synchronizing the FortiManager configuration and HA heartbeat
If the primary unit or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
Web-based Manager configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
Appendix A: SNMP MIB Support
SNMP MIB Files
FORTINET-CORE-MIB
FORTINET-FORTIMANAGER-FORTIANALYZER-MIB
Appendix B: FortiManager VM
Licensing
FortiManager VM firmware
Appendix C: Maximum Values
FortiManager maximum values
Appendix D: License Information API
getDeviceLicenseList
Example request:
Example response
Appendix E: Report Templates
Appendix F: Charts, Datasets, & Macros
FortiGate
Predefined charts
Predefined datasets
Predefined macros
FortiMail
Predefined charts
Predefined datasets
FortiWeb
Predefined charts
Predefined datasets
Change Log
Predefined datasets
wbm_language
edit_adom
create_adom
system_settings
add_widget
change_host_name
change_time_settings
firmware_upgrade
backup_system
restore_system
system_checkpoints
edit_system_resources_settings
change_encryption_mode
alert_messages
edit_alert_message_console
cli_console
edit_log_receive_monitor_settings
edit_logs_data_received_settings
all_adoms
raid_management
raid_settings
network
network_interface_list
edit_interface
routing_table
create_route
ipv6_routing_table
create_ipv6_route
diagnostic_tools
ha
cluster_settings
system_settings_admin
current_administrators
administrator_list
new_administrator
edit_administrator
system_settings_admin_profile
create_profile
edit_profile
remote_auth_server
new_ldap_server
new_radius_server
new_tacacs_server
edit_ldap_server
edit_radius_server
edit_tacacs_server
system_settings_admin_admin_settings
local_certificates
ca_certificates
crl
local_certificate_result
ca_certificate_result
crl_result
event_log
task_monitor
snmp_v1_v2c
new_snmp_community
edit_snmp_community
mail_server
mail_server_settings
syslog_server
new_syslog_server
edit_syslog_server
meta_fields
add_meta_field
edit_meta_field
device_log_settings
file_management
advanced_settings
create_profile ; edit_profile
new_restricted_administrator
edit_device
unregistered_devices
out_of_sync_device
all_fortiap
script_samples
event_log_view
traffic_log_view
log_details
log_view_archive
log_browse
forticlient_logs
all_events
event_details
event_handler
create_event_handler
edit_event_handler
clone_event_handler
reports
create_report
clone_report_template
import_report_template
edit_cover_page
report_template_workspace
add_section
edit_section
add_headings
add_text_box
edit_text
add_image
edit_image
add_chart
add_chart_filter
add_break
chart_library
chart_wizard
new_chart
clone_chart
edit_chart
macro_library
new_macro
clone_macro
edit_macro
report_calendar
dataset
new_dataset
clone_dataset
edit_dataset
view_sql_query
output_profile
new_output_profile
edit_output_profile
language
new_language
edit_language