Change Log
Introduction
About this document
FortiManager documentation
What’s New in v4.0 MR3
Global policy improvements
Global policy license change
Assigning global policies to ADOMs
Add global zone to global policy
Section view for global and ADOM policy packages
Administrative Domain (ADOM)
ADOM backup and revision control
Install wizard/Import wizard
Add device wizard, fast forward support
Import policy
Virtual Domain (VDOM)
Policy usability
Multiple policy edit
FortiToken support
Management model
FortiManager VM licensing changes
Web-based Manager changes
User workspaces
Search improvements
Improvements to Device Manager
Firewall Policies Consistency Check
Java Client for Windows
IPv6 support
Audit logging
FortiGate to FortiManager protocol
FortiMail support
High Availability improvements
SNMPv3 support added
Additional XML API extensions
Fortinet Management Theory
Fortinet Management Theory
Fortinet Management Theory
Key features of the FortiManager system
Configuration revision control and tracking
Centralized management
Administrative Domains
Local FortiGuard service provisioning
Firmware management
Scripting
FortiClient management
Fortinet device lifecycle management
Inside the FortiManager system
Management module
Management module
System settings
Real-time monitor
FortiGuard services
Logging and reporting
FortiClient manager
Inside the FortiManager management module
Global ADOM layer
ADOM layer
Device manager layer
Using the Web-based Manager
System requirements
Connecting to the Web-based Manager
Web-based Manager overview
Viewing the Web-based Manager
Using the main toolbar
Using the toolbar
Using the navigation pane
Configuring Web-based Manager settings
Changing the Web‑based Manager language
Changing administrative access to your FortiManager system
Changing the Web‑based Manager idle timeout
Reboot and shutdown of the FortiManager unit
Administrative Domains
What is the best way to organize my devices using ADOMs?
What is the best way to organize my devices using ADOMs?
Enabling and disabling the ADOM feature
About ADOM modes
Switching between ADOMs
Normal mode ADOMs
Backup mode ADOMs
Managing ADOMs
Concurrent ADOM access
Adding an ADOM
FortiManager Cookbook video link
Deleting an ADOM
Assigning devices to an ADOM
ADOM device modes
Assigning administrators to an ADOM
Viewing ADOM assignments
Viewing ADOM properties
System Settings
System Settings
System Settings
Viewing the system status
Customizing the dashboard
To move a widget
To add a widget
To see the available options for a widget
Viewing system information
Viewing system resource information
Viewing the device summary
Viewing license information
Viewing unit operation
Viewing RAID status
Viewing alert messages
Using the CLI console widget
Configuring general settings
Changing the host name
Configuring the system time
Updating the system firmware
Backing up and restoring the system
Backing up the configuration
Restoring the configuration
Scheduling backups
Creating a system checkpoint
Configuring RAID
Supported RAID levels
Replacing hard disks
Adding new disks for FMG-2000B and FMG-4000B
Configuring network settings
Viewing the network interface list
Configuring network interfaces
Configuring static routes
Managing certificates
Creating a local certificate
Importing certificates
Viewing certificate details
Downloading a certificate
Configuring High Availability
Configuring HA options
Managing administrators
Monitoring administrator sessions
Configuring administrator accounts
Using trusted hosts
Managing administrator access
Configuring administrator profiles
Managing remote authentication servers
Configuring RADIUS server authentication
Configuring LDAP server authentication
Configuring TACACS+ server authentication
Configuring global admin settings
Managing FortiGuard Services
Configuring FortiGuard services
Configuring FortiGuard updates
Managing firmware images
Viewing local event logs
Configuring advanced settings
Configuring SNMP
Configuring the SNMP Agent
Configuring an SNMP community
Fortinet MIBs
Fortinet traps
Fortinet & FortiManager MIB fields
Configuring metadata requirements
Configuring System Metadata
Configuring FortiGate object metadata
Configuring advanced settings
Alerts
Alerts Event
Mail Server
Syslog Server
Alert Console
Device Log
Log Setting
Log Access
Using FortiManager Wizards
Using the add device wizard
Launching the add device wizard
Import device
Discover
Add model device
Importing a device
Global Zone Map
Policy
Object
Importing into FortiManager
Device import summary
Adding a Device
Global Zone Map
Device Summary
Using the install wizard
Launching the install wizard
Installing a policy package
Device selection
Zone Validation
Policy validation
Installation
Installing device settings
Device selection
Installation
Overview of the add device wizard
FortiManager Cookbook video link
Device Management
Device manager overview
Viewing device summaries
Viewing managed devices
Viewing a single device
Using list filters
Filters for columns that contain numbers
Filters for columns containing text strings
Filters for columns that can contain only specific items
Managing devices
Adding a device
Replacing a managed device
Deleting a device
Editing device information
Refreshing a device
Importing policies to a device
Importing and exporting devices
Import text file general format
Device file format
ADOM file format
Group file format
Metadata file format
String transliterations
Example text files
Setting unregistered device options
Configuring devices
Configuring a device
Firewall policy reordering on first installation
Configuring virtual domains (VDOMs)
Creating and editing virtual domains
Configuring inter-VDOM routing
Configuring VDOM resource limits
Configuring VDOM global resources
Working with device groups
Adding a device group
Deleting a device group
Editing device group information
Viewing the device group summary
Managing FortiGate chassis devices
Viewing chassis dashboard
Viewing the status of the FortiGate blades
Viewing the status of the power entry modules
Viewing fan tray status (FG-5140 and FG-5140B chassis only)
Viewing shelf manager status
Viewing shelf alarm panel (SAP) status
Using the CLI console for managed devices
Policies and Objects
About policies
Policy theory
Policy workflow
Provisioning new devices
Day-to-day management of devices
Managing policy packages
Create a new policy package or folder
Remove a policy package or folder
Rename a policy package or folder
Install a policy package
Perform a policy consistency check
About objects and dynamic objects
Managing objects and dynamic objects
Create a new object or group
Map the dynamic object
Remove an object or group
Edit an object or group
Clone an object or group
Search where an object or group is used
Search objects
FortiToken configuration example
VPN Console
Configuring a VPN
Enable or disable VPN consoles
Create a firewall address
Create a VPN configuration
Add a VPN gateway
Create VPN firewall policies
Installing Device Configurations
Checking device configuration status
Managing configuration revision history
Downloading and importing a configuration file
Comparing different configuration files
Advanced Features
About global policies and objects
Assigning global policies to ADOMs
Searching for global objects content
IP address search rules
Configuring web portals
Creating a web portal
Configuring the web portal profile
Modifying the content and layout
Adding a logo
Portal Preferences
Creating a portal user account
External users
Using the web portal
Application Program Interfaces
Application Program Interfaces
Application Program Interfaces
XML API
Connecting to FortiManager web services
Enabling web services
Obtaining the WSDL file
Fortinet developer network
Java-based Administration Client
System requirements
Installing and logging in to the Java-based client
Java-based manager overview
Using the main toolbar
Using the navigation pane
Using the content pane
Java-based manager features
Drag and drop
Tabs
Improved adding and editing windows
Working with Scripts
Device view
Individual device view
Scheduling a script
Script view
Creating or editing a script
Cloning a script
Exporting a script
Script samples
CLI scripts
CLI script samples
Error Messages
Troubleshooting Tips
TCL scripts
Limitations of FortiManager TCL
TCL variables
TCL loops
TCL decisions
Additional TCL Scripts
TCL file IO
Troubleshooting Tips
FortiGuard Services
FortiGuard center
FortiGuard Antivirus and IPS settings
FortiGuard Antivirus and IPS settings
FortiGuard web filter and email filter settings
Connecting the built-in FDS to the FDN
Configuring devices to use the built-in FDS
Matching port settings
Handling connection attempts from unregistered devices
Configuring FortiGuard services in the FortiGuard Center
Enabling push updates
Enabling updates through a web proxy
Overriding default IP addresses and ports
FDN port numbers and protocols
Scheduling updates
Accessing public FortiGuard web filtering and email filtering servers
Manually uploading AV and IPS updates
Viewing FortiGuard services from devices and groups
FortiGuard Antivirus and IPS Statistics for a device
Web filter category detail
FortiGuard web filter and email filter statistics
License information
Single device license information
Device group license information
Device History
Logging events related to FortiGuard services
Logging FortiGuard Antivirus and IPS updates
Logging FortiGuard Web Filtering or Email Filter events
Viewing service update log events
Restoring the URL or antispam database
Firmware and Revision Control
Viewing a device or group’s firmware
Downloading firmware images
Installing firmware images
Real-time Monitor
RTM monitoring
RTM Dashboards
Adding and configuring dashboards
Resource, network, and threat monitors
FortiManager system alerts
Alerts event
Configuring alerts
Configuring alerts by mail server
Configuring SNMP traps and alerts
Configuring alerts by syslog server
Alert console
Device log
Device log setting
Device log access
FortiClient Manager
FortiClient Manager maximum managed agents
About FortiClient Manager clustering
FortiClient Manager window
Main menu bar
Navigation pane
Client group tree
FortiClient menu
Message center
Dashboard
Management event
Viewing pending actions for FortiClient agents
Viewing management alerts for FortiClient agents
Client alert
Client alert summary
Viewing firewall alerts for FortiClient agents
Viewing antivirus alerts for FortiClient agents
Viewing upgrade alerts for FortiClient agents
Working with clients (FortiClient agents)
Viewing the clients lists
Filtering the clients list
Searching for FortiClient agents
Adding or removing temporary clients
Removing or relicensing unlicensed clients
Deploying licenses to standard edition clients
Deleting FortiClient agents
Working with FortiClient groups
Overview of client groups
Static client group
Dynamic client group
Nested groups
Viewing FortiClient groups
Adding a FortiClient agent group
Deleting a FortiClient agent group
Editing a FortiClient agent group
Viewing group summaries
Configuring settings for client groups
Managing client configurations and software
Deploying FortiClient agent configurations
Retrieving a FortiClient agent configuration
Working with FortiClient software upgrades
Importing a software upgrade package
Deploying a software upgrade to clients
FortiClient license keys
Working with web filter profiles
About web filtering
Viewing and editing web filter profiles
Configuring a web filter profile
Configuring FortiClient manager system settings
Configuring FortiClient manager clustering
Configuring FortiClient manager cluster members
Configuring email alerts
Configuring LDAP for web filtering
Configuring LDAP settings
Configuring an LDAP server
Working with Windows AD users and groups
Active Directory Organizational Units Grouping
Synchronizing the AD server with FortiClient Manager
Viewing the AD Grouping History
Configuring FortiClient group-based administration
Assigning group administrators
Configuring enterprise license management
Configuring an enterprise license
Creating an enterprise client license key
Creating a customized FortiClient installer
Configuring FortiClient agent settings
Viewing system status of a FortiClient agent
Configuring system settings of a FortiClient agent
Adding trusted FortiManager units to a FortiClient agent
Managing pending actions for a FortiClient agent
Configuring the log settings of a FortiClient agent
Configuring lockdown settings
Configuring the VPN settings of a FortiClient agent
Configuring a VPN security policy on a FortiClient agent
Configuring VPN options of a FortiClient agent
Configuring WAN Optimization settings of a FortiClient agent
Configuring antivirus settings on a FortiClient agent
Antivirus scans
Configuring antivirus options
Email scan options
Real-time protection options
Scheduled scan options
Server protection options
Quarantine options
Viewing the firewall monitor of a FortiClient agent
Creating firewall policies on a FortiClient agent
Configuring firewall addresses on a FortiClient agent
Configuring firewall address groups on a FortiClient agent
Defining firewall applications on a FortiClient agent
Defining firewall protocols on a FortiClient agent
Configuring firewall protocol groups on a FortiClient agent
Configuring firewall schedules on a FortiClient agent
Configuring firewall schedule groups
Configuring trusted IPs exempted from intrusion detection
Configuring ping servers for a FortiClient agent firewall
Setting the firewall options of a FortiClient agent
Selecting a web filter profile for a FortiClient agent
Configuring web filter options on a FortiClient agent
Configuring Email Filter settings on a FortiClient agent
Configuring Email Filter options
Configuring anti-leak options on a FortiClient agent
High Availability
HA overview
Synchronizing the FortiManager configuration and HA heartbeat
If the primary unit or a backup unit fails
FortiManager HA cluster startup steps
Configuring HA options
General FortiManager HA configuration steps
Web-based Manager configuration steps
Monitoring HA status
Upgrading the FortiManager firmware for an operating cluster
FortiManager Firmware
Upgrade information
Upgrading from FortiManager v4.0 MR3
Step 1: Backup FortiManager database and configuration
Step 2: Transfer the firmware image to FortiManager
Step 3: Verify the upgrade
Step 4: Upgrade FortiOS devices
Upgrading from FortiManager v4.0 MR2
Step 1: Prepare FortiManager for upgrade
Step 2: Backup the database and transfer the firmware image
Step 3: Verify the upgrade
System settings
EMS global database
GMS security console
Step 4: Populate policy and objects with the import wizard
Header and footer policy upgrade workaround (optional)
Downgrading FortiManager
Appendix A: Maximum Values/Features
Appendix B: FortiManager VM
FortiManager VM system requirements
FortiManager VM Licence Enhancements
Change Log
FortiManager VM Licence Enhancements
system_host
system_clock
system_firmware
redundant array of independent disks (RAID)
LDAP server
LDAP server:adding
ldap_edit
radius_edit
script_samples
fcm_monitor
fcm_search
fcm_addgroup
fcm_global
fcm_all_managed_clients
fcm_system_settings