FortiManager v4.0 MR3    Administration Guide
April 06, 201202-434-167503-20120406Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, andFortiGua...
Table of Contents                        Change Log .........................................................................
Table of Contents                       Using the Web-based Manager..........................................................
Table of Contents                            Configuring RAID ...............................................................
Table of Contents                            Importing policies to a device..................................................
Table of Contents                       Installing Device Configurations ....................................................
Table of Contents                       FortiGuard Services .................................................................
Table of Contents                            Navigation Pane.................................................................
Table of Contents                         Configuring enterprise license management .........................................
Table of Contents                          Monitoring HA status .............................................................
Table of Figures                           FortiManager conceptual diagram ..................................................
Table of Figures                         RADIUS server list .................................................................
Table of Figures                         Device settings device selection window ............................................
Table of Figures                         Java-based administration client main window .......................................
Change Log          Date         Change Description        2012-04-06     Initial Release        2012-04-12     Updated ch...
Introduction                           FortiManager centralized management appliances deliver the essential tools needed t...
Introduction                                                                                About this document           ...
Introduction                                                                          FortiManager documentation      Fort...
What’s New in v4.0 MR3                          This chapter lists and describes some of the key changes and new features ...
What’s New in v4.0 MR3                                                            Administrative Domain (ADOM)            ...
What’s New in v4.0 MR3                                                                              Policy usability      ...
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Fortimanager admin-40-mr3
Upcoming SlideShare
Loading in...5
×

Fortimanager admin-40-mr3

3,549

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,549
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
32
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Fortimanager admin-40-mr3"

  1. 1. FortiManager v4.0 MR3 Administration Guide
  2. 2. April 06, 201202-434-167503-20120406Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, andFortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names hereinmay also be trademarks of Fortinet. All other product or company names may betrademarks of their respective owners. Performance metrics contained herein wereattained in internal lab tests under ideal conditions, and performance may vary. Networkvariables, different network environments and other conditions may affect performanceresults. Nothing herein represents any binding commitment by Fortinet, and Fortinetdisclaims all warranties, whether express or implied, except to the extent Fortinet entersa binding written contract, signed by Fortinet’s General Counsel, with a purchaser thatexpressly warrants that the identified product will perform according to the performancemetrics herein. For absolute clarity, any such warranty will be limited to performance inthe same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full anyguarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise thispublication without notice, and the most current version of the publication shall beapplicable.Technical Documentation: http://docs.fortinet.comKnowledge Base: http://kb.fortinet.comCustomer Service & Support: https://support.fortinet.comTraining Services: http://training.fortinet.com
  3. 3. Table of Contents Change Log ............................................................................................ 16 Introduction ............................................................................................ 17 About this document ...................................................................................... 17 FortiManager documentation ......................................................................... 19 What’s New in v4.0 MR3........................................................................ 20 Global Policy improvements........................................................................... 20 Administrative Domain (ADOM) ...................................................................... 21 Install Wizard/Import Wizard........................................................................... 21 Policy usability ................................................................................................ 22 FortiToken support ......................................................................................... 22 Management model........................................................................................ 22 FortiManager VM licensing changes .............................................................. 23 Web-based Manager changes ....................................................................... 23 User Workspaces ........................................................................................... 24 Search improvements..................................................................................... 24 Improvements to Device Manager.................................................................. 24 Firewall Policies Consistency Check .............................................................. 24 Java Client for Windows ................................................................................. 25 IPv6 support ................................................................................................... 25 Audit logging................................................................................................... 25 FortiGate to FortiManager Protocol................................................................ 25 FortiMail support............................................................................................. 25 High Availability improvements ...................................................................... 25 SNMPv3 support added ................................................................................. 26 Additional XML API extensions....................................................................... 26 Fortinet Management Theory ............................................................... 27 Key features of the FortiManager system....................................................... 27 Configuration Revision Control and Tracking ........................................... 27 Centralized Management.......................................................................... 27 Administrative Domains ............................................................................ 27 Local FortiGuard Service Provisioning ..................................................... 27 Firmware Management ............................................................................. 27 Scripting.................................................................................................... 27 FortiClient Management ........................................................................... 27 Fortinet Device Lifecycle Management .................................................... 28 Inside the FortiManager system ..................................................................... 28 Inside the FortiManager Management Module......................................... 30 FortiManager v4.0 MR3 Patch Release 3 Administration Guide 02-434-167503-20120406 3 http://docs.fortinet.com/ • Feedback
  4. 4. Table of Contents Using the Web-based Manager............................................................ 32 System requirements...................................................................................... 32 Connecting to the Web-based Manager ........................................................ 32 Web-based Manager overview....................................................................... 33 Viewing the Web-based Manager............................................................. 33 Using the main tool bar............................................................................. 34 Using the tab bar ...................................................................................... 34 Using the navigation pane ........................................................................ 35 Configuring Web-based Manager settings..................................................... 35 Changing the Web-based Manager language .......................................... 35 Changing administrative access to your FortiManager system................ 36 Changing the Web-based Manager idle timeout...................................... 36 Reboot and shutdown of the FortiManager unit............................................. 37 Administrative Domains ........................................................................ 38 Enabling and disabling the ADOM feature ..................................................... 38 About ADOM modes....................................................................................... 39 Switching between ADOMs ...................................................................... 40 Normal mode ADOMs............................................................................... 40 Backup mode ADOMs .............................................................................. 40 Managing ADOMs .......................................................................................... 41 Concurrent ADOM access ........................................................................ 42 Adding an ADOM ...................................................................................... 42 Deleting an ADOM .................................................................................... 44 Assigning devices to an ADOM ................................................................ 44 Assigning administrators to an ADOM...................................................... 45 Viewing ADOM assignments .......................................................................... 45 Viewing ADOM properties ........................................................................ 46 System Settings ..................................................................................... 47 Viewing the system status .............................................................................. 48 Customizing the Dashboard ..................................................................... 49 Viewing System Information ..................................................................... 51 Viewing System Resource Information ..................................................... 52 Viewing the Device Summary ................................................................... 54 Viewing License Information ..................................................................... 54 Viewing Unit Operation ............................................................................. 55 Viewing RAID status ................................................................................. 55 Viewing Alert Messages............................................................................ 56 Using the CLI Console widget .................................................................. 58 Configuring General settings .......................................................................... 58 Changing the host name........................................................................... 59 Configuring the system time ..................................................................... 60 Updating the system firmware.................................................................. 61 Backing up and restoring the system ....................................................... 62FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 4http://docs.fortinet.com/ • Feedback
  5. 5. Table of Contents Configuring RAID ...................................................................................... 65 Configuring Network settings ................................................................... 68 Managing Certificates ............................................................................... 73 Configuring High Availability ..................................................................... 75 Managing administrators ................................................................................ 77 Monitoring administrator sessions............................................................ 77 Configuring administrator accounts ......................................................... 78 Managing administrator access................................................................ 82 Managing remote authentication servers ................................................. 86 Configuring global admin settings ............................................................ 91 Managing FortiGuard Services ....................................................................... 93 Configuring FortiGuard services ............................................................... 94 Configuring FortiGuard updates ............................................................... 95 Managing firmware images....................................................................... 96 Viewing local event logs ................................................................................. 96 Configuring Advanced Settings ...................................................................... 97 Configuring SNMP .................................................................................... 97 Configuring metadata requirements ....................................................... 104 Configuring advanced settings ............................................................... 107 Alerts....................................................................................................... 108 Device Log .............................................................................................. 112 Using FortiManager Wizards .............................................................. 115 Using the Add Device Wizard ....................................................................... 115 Launching the Add Device Wizard.......................................................... 115 Importing a device .................................................................................. 119 Adding a Device...................................................................................... 125 Using the Install Wizard ................................................................................ 130 Launching the Install Wizard................................................................... 130 Installing a Policy Package ..................................................................... 130 Installing Device Settings........................................................................ 135 Overview of the Add Device Wizard ....................................................... 138 Device Management............................................................................ 140 Device Manager overview............................................................................. 140 Viewing device summaries ........................................................................... 140 Viewing managed devices ...................................................................... 140 Viewing a single device........................................................................... 142 Using list filters........................................................................................ 145 Managing devices......................................................................................... 147 Adding a device ...................................................................................... 147 Replacing a managed device ................................................................. 147 Deleting a device .................................................................................... 148 Editing device information ...................................................................... 148 Refreshing a device ................................................................................ 150FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 5http://docs.fortinet.com/ • Feedback
  6. 6. Table of Contents Importing policies to a device................................................................. 150 Importing and exporting devices ............................................................ 150 Setting unregistered device options ....................................................... 155 Configuring devices ...................................................................................... 155 Configuring a device ............................................................................... 156 Configuring virtual domains (VDOMs)..................................................... 157 Working with device groups ......................................................................... 161 Adding a device group............................................................................ 161 Deleting a device group .......................................................................... 162 Editing device group information............................................................ 162 Viewing the device group summary........................................................ 162 Managing FortiGate chassis devices............................................................ 163 Viewing chassis dashboard .................................................................... 165 Using the CLI console for managed devices................................................ 169 Policies and Objects............................................................................ 170 About Policies............................................................................................... 170 Policy Theory .......................................................................................... 171 Policy Workflow ............................................................................................ 173 Provisioning New Devices ...................................................................... 173 Day-to-Day Management of Devices...................................................... 173 Managing policy packages ........................................................................... 173 Create a new policy package or folder ................................................... 173 Remove a policy package or folder ........................................................ 174 Rename a policy package or folder ........................................................ 174 Install a policy package .......................................................................... 174 Perform a policy consistency check....................................................... 175 About Objects and Dynamic Objects ........................................................... 177 Managing Objects and Dynamic Objects ..................................................... 178 Create a new object or group ................................................................. 178 Remove an object or group .................................................................... 179 Edit an object or group ........................................................................... 179 Clone an object or group ........................................................................ 179 Search where an object or group is used............................................... 179 Search objects ........................................................................................ 180 FortiToken configuration example .......................................................... 180 VPN Console ........................................................................................ 182 Configuring a VPN ........................................................................................ 183 Enable or disable VPN consoles............................................................. 183 Create a firewall address ........................................................................ 183 Create a VPN configuration .................................................................... 183 Add a VPN gateway ................................................................................ 189 Create VPN firewall policies.................................................................... 191FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 6http://docs.fortinet.com/ • Feedback
  7. 7. Table of Contents Installing Device Configurations ........................................................ 192 Checking device configuration status .......................................................... 192 Managing configuration revision history....................................................... 193 Downloading and importing a configuration file ..................................... 195 Comparing different configuration files .................................................. 195 Advanced Features.............................................................................. 197 About Global Policies and Objects............................................................... 197 Assigning Global Policies to ADOMs............................................................ 198 Searching for Global Objects content .......................................................... 198 IP address search rules .......................................................................... 200 Configuring Web Portals............................................................................... 203 Creating a web portal ............................................................................. 204 Configuring the web portal profile .......................................................... 205 Creating a portal user account ............................................................... 208 External users ......................................................................................... 209 Using the web portal............................................................................... 210 Application Program Interfaces ......................................................... 211 XML API ........................................................................................................ 211 Connecting to FortiManager Web Services............................................ 211 Web Portal Service Development Kit (SDK) ................................................. 212 Java-based Administration Client ...................................................... 213 System requirements.................................................................................... 213 Installing and logging in to the Java-based client ........................................ 213 Java-based manager overview..................................................................... 214 Using the main tool bar........................................................................... 215 Using the navigation pane ...................................................................... 215 Using the content pane........................................................................... 215 Java-based manager features ...................................................................... 216 Drag and drop......................................................................................... 216 Tabs ........................................................................................................ 216 Improved adding and editing windows................................................... 217 Working with Scripts ........................................................................... 218 Device View .................................................................................................. 218 Individual device view ............................................................................. 218 Scheduling a script ................................................................................. 220 Script View.................................................................................................... 221 Creating or editing a script ..................................................................... 222 Cloning a script....................................................................................... 223 Exporting a script.................................................................................... 224 Script Samples ............................................................................................. 224 CLI scripts............................................................................................... 225 Tcl scripts ............................................................................................... 230FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 7http://docs.fortinet.com/ • Feedback
  8. 8. Table of Contents FortiGuard Services ............................................................................ 247 FortiGuard Center ......................................................................................... 248 Connecting the built-in FDS to the FDN ................................................. 253 Configuring devices to use the built-in FDS ................................................. 254 Matching port settings............................................................................ 254 Handling connection attempts from unregistered devices..................... 254 Configuring FortiGuard services in the FortiGuard Center ........................... 255 Enabling push updates ........................................................................... 255 Enabling updates through a web proxy.................................................. 256 Overriding default IP addresses and ports ............................................. 257 Scheduling updates ................................................................................ 257 Accessing public FortiGuard Web Filtering and Email Filter servers...... 258 Viewing FortiGuard services from devices and groups ................................ 260 FortiGuard AntiVirus and IPS Statistics for a device .............................. 261 Web Filter Category Detail ...................................................................... 261 FortiGuard Web Filter and Email Filter Statistics .................................... 262 License Information ................................................................................ 262 Device History......................................................................................... 264 Logging events related to FortiGuard services............................................. 264 Logging FortiGuard AntiVirus and IPS updates...................................... 264 Logging FortiGuard Web Filtering or Email Filter events ........................ 265 Viewing service update log events ......................................................... 266 Restoring the URL or Antispam database .................................................... 267 Firmware and Revision Control .......................................................... 268 Viewing a device or group’s firmware........................................................... 268 Downloading firmware images ..................................................................... 271 Installing firmware images ............................................................................ 273 Real-Time Monitor ............................................................................... 274 RTM monitoring ............................................................................................ 274 RTM Dashboards.................................................................................... 274 FortiManager system alerts .......................................................................... 277 Alerts event ............................................................................................. 277 Configuring alerts.................................................................................... 279 Alert console ........................................................................................... 284 Device Log .................................................................................................... 285 Device log setting ................................................................................... 285 Device log access................................................................................... 286 FortiClient Manager............................................................................. 287 FortiClient Manager maximum managed agents ......................................... 287 About FortiClient Manager clustering ........................................................... 288 FortiClient Manager window......................................................................... 288 Main Menu Bar........................................................................................ 289FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 8http://docs.fortinet.com/ • Feedback
  9. 9. Table of Contents Navigation Pane...................................................................................... 289 Client Group Tree.................................................................................... 291 FortiClient menu...................................................................................... 291 Message Center............................................................................................ 292 Dashboard .............................................................................................. 292 Management Event................................................................................. 293 Client Alert .............................................................................................. 294 Working with Clients (FortiClient agents)...................................................... 296 Viewing the clients lists........................................................................... 296 Filtering the clients list ............................................................................ 298 Searching for FortiClient agents ............................................................. 298 Adding or removing temporary clients.................................................... 299 Removing or relicensing unlicensed clients............................................ 300 Deploying licenses to Standard (Free) Edition clients ............................ 301 Deleting FortiClient agents ..................................................................... 301 Working with FortiClient groups ................................................................... 302 Overview of client groups ....................................................................... 302 Viewing FortiClient groups...................................................................... 303 Adding a FortiClient agent group............................................................ 303 Deleting a FortiClient agent group .......................................................... 304 Editing a FortiClient agent group ............................................................ 304 Viewing group summaries ...................................................................... 304 Configuring settings for client groups..................................................... 305 Managing client configurations and software............................................... 306 Deploying FortiClient agent configurations ............................................ 306 Retrieving a FortiClient agent configuration ........................................... 307 Working with FortiClient software upgrades .......................................... 308 FortiClient license keys ........................................................................... 309 Working with Web Filter profiles................................................................... 310 About Web Filtering ................................................................................ 310 Viewing and editing Web Filter profiles .................................................. 311 Configuring a Web Filter profile .............................................................. 311 Configuring FortiClient Manager system settings ........................................ 312 Configuring FortiClient Manager clustering .................................................. 313 Configuring FortiClient Manager cluster members................................. 313 Configuring email alerts ................................................................................ 314 Configuring LDAP for Web Filtering.............................................................. 315 Configuring LDAP settings...................................................................... 315 Configuring an LDAP server ................................................................... 315 Working with Windows AD users and groups ........................................ 316 Active Directory Organizational Units Grouping ..................................... 317 Configuring FortiClient group-based administration .................................... 319 Assigning group administrators .............................................................. 320FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 9http://docs.fortinet.com/ • Feedback
  10. 10. Table of Contents Configuring enterprise license management ................................................ 320 Configuring an enterprise license ........................................................... 321 Creating a customized FortiClient installer ............................................. 322 Configuring FortiClient agent settings .......................................................... 322 Viewing system status of a FortiClient agent.......................................... 323 Configuring system settings of a FortiClient agent................................. 325 Adding trusted FortiManager units to a FortiClient agent ...................... 327 Managing pending actions for a FortiClient agent.................................. 328 Configuring the log settings of a FortiClient agent ................................. 329 Configuring Lockdown Settings ............................................................. 330 Configuring the VPN settings of a FortiClient agent ............................... 330 Configuring a VPN security policy on a FortiClient agent....................... 331 Configuring VPN options of a FortiClient agent...................................... 331 Configuring WAN Optimization settings of a FortiClient agent .............. 332 Configuring AntiVirus settings on a FortiClient agent ............................. 333 AntiVirus scans ....................................................................................... 334 Configuring AntiVirus options ................................................................. 335 Viewing the firewall monitor of a FortiClient agent ................................. 340 Creating firewall policies on a FortiClient agent ..................................... 341 Configuring firewall addresses on a FortiClient agent ............................ 343 Configuring firewall address groups on a FortiClient agent ................... 344 Defining firewall applications on a FortiClient agent............................... 345 Defining firewall protocols on a FortiClient agent................................... 346 Configuring firewall protocol groups on a FortiClient agent ................... 347 Configuring firewall schedules on a FortiClient agent ............................ 348 Configuring firewall schedule groups ..................................................... 349 Configuring trusted IPs exempted from intrusion detection................... 349 Configuring ping servers for a FortiClient agent firewall......................... 350 Setting the firewall options of a FortiClient agent................................... 350 Selecting a Web Filter profile for a FortiClient agent .............................. 352 Configuring Web Filter options on a FortiClient agent ........................... 353 Configuring Email Filter settings on a FortiClient agent ......................... 354 Configuring Email Filter options.............................................................. 355 Configuring anti-leak options on a FortiClient agent .............................. 356 High Availability.................................................................................... 357 HA overview.................................................................................................. 357 Synchronizing the FortiManager configuration and HA heartbeat ......... 358 If the primary unit or a backup unit fails ................................................. 358 FortiManager HA cluster startup steps................................................... 359 Configuring HA options ................................................................................ 359 General FortiManager HA configuration steps ....................................... 361 Web-based Manager configuration steps .............................................. 362FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 10http://docs.fortinet.com/ • Feedback
  11. 11. Table of Contents Monitoring HA status .................................................................................... 364 Upgrading the FortiManager firmware for an operating cluster ................... 365 FortiManager Firmware ...................................................................... 366 Introduction to FortiManager OS v4.0 Major Release 3 ............................... 366 Cautions and Limitations .............................................................................. 366 Limitations............................................................................................... 367 Upgrade Information..................................................................................... 368 Upgrading from FortiManager v4.0 MR2 ................................................ 368 Upgrading from FortiManager v4.0 MR3 ................................................ 369 Upgrading from FortiManager Beta release ........................................... 370 Upgrading FortiManager firmware for a cluster...................................... 370 Downgrading FortiManager .................................................................... 370 FortiManager Best Practices ........................................................................ 370 Appendix A ............................................................................................ 371 Product Life Cycle Information ..................................................................... 371 Software Support Policy............................................................................... 371 Appendix B ............................................................................................ 372 FortiManager-VM System Requirements ..................................................... 372 FortiManager-VM Licence Enhancements ................................................... 372 Index ......................................................................................................373FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 11http://docs.fortinet.com/ • Feedback
  12. 12. Table of Figures FortiManager conceptual diagram .................................................................. 28 Management module....................................................................................... 30 Default FortiManager Configuration window ................................................... 33 Main tool bar.................................................................................................... 34 Unit operation actions in the Web-based Manager......................................... 37 Enabling ADOMs ............................................................................................. 39 Backup mode ADOM device revision history .................................................. 41 ADOM table ..................................................................................................... 41 Add an ADOM.................................................................................................. 43 ADOM dashboard example ............................................................................. 46 FortiManager system dashboard..................................................................... 48 Adding a widget............................................................................................... 49 A minimized widget ......................................................................................... 50 System Information widget.............................................................................. 51 System Resource widget (Real Time display).................................................. 52 System Resource widget (Historical display) .................................................. 52 Edit System Resources Settings window........................................................ 53 Device Summary widget.................................................................................. 54 VM License Information widget ....................................................................... 54 Unit Operation widget...................................................................................... 55 RAID Monitor displaying a RAID array without any failures............................. 55 Alert Message Console widget ........................................................................ 57 List of all alert messages ................................................................................. 57 CLI Console widget ......................................................................................... 58 Edit Host Name dialog box.............................................................................. 59 Time Settings dialog box ................................................................................. 60 Firmware Upgrade dialog box ......................................................................... 61 Backup dialog box........................................................................................... 63 All Settings Configuration Restore dialog box................................................. 64 RAID Settings .................................................................................................. 66 Network screen................................................................................................ 69 Network interface list ....................................................................................... 70 Configure network interfaces........................................................................... 71 Routing Table................................................................................................... 72 Create New route............................................................................................. 72 Local Certificates window ............................................................................... 73 Local Certificate Detail..................................................................................... 74 Cluster Settings dialog box ............................................................................. 75 Administrator session list................................................................................. 77 Administrator list.............................................................................................. 78 Creating a new Administrator account ............................................................ 79 Editing an administrator account..................................................................... 80 Administrator profile list................................................................................... 82 Create new administrator profile ..................................................................... 84 Edit administrator profile window .................................................................... 85 FortiManager v4.0 MR3 Patch Release 3 Administration Guide 02-434-167503-20120406 12 http://docs.fortinet.com/ • Feedback
  13. 13. Table of Figures RADIUS server list ........................................................................................... 86 New RADIUS Server window........................................................................... 87 LDAP server list ............................................................................................... 88 New LDAP server dialog box........................................................................... 89 New TACACS+ server dialog box.................................................................... 91 Administrative settings dialog box................................................................... 92 FortiGuard Center dialog box .......................................................................... 94 Server settings dialog box ............................................................................... 95 Firmware images list ........................................................................................ 96 SNMP configuration ........................................................................................ 98 FortiManager SNMP Community................................................................... 100 System objects metadata .............................................................................. 104 Add meta-field (system object)...................................................................... 105 Config objects metadata ............................................................................... 106 Add meta-field (config object) ....................................................................... 106 Advanced settings ......................................................................................... 107 Alert event window ........................................................................................ 108 Create new alert event window ..................................................................... 108 Mail server window ........................................................................................ 110 Mail server settings........................................................................................ 110 Syslog server window.................................................................................... 110 Syslog server settings.................................................................................... 111 Alert message console window ..................................................................... 111 Alert console settings .................................................................................... 111 Log setting window ....................................................................................... 113 Add Device icon............................................................................................. 115 Add Device Wizard Login window ................................................................. 116 Import device summary window.................................................................... 116 Discover method summary window .............................................................. 117 Add Model Device method window............................................................... 118 Importing device additional information window........................................... 119 Zone map window ......................................................................................... 120 Import policy summary .................................................................................. 121 Import object summary.................................................................................. 122 Device import successful window ................................................................. 123 Import device summary window.................................................................... 124 Adding device additional information window............................................... 125 Adding device model additional information window.................................... 126 Confirmation of success or failure ................................................................. 127 Zone map window ......................................................................................... 128 Add device summary window ....................................................................... 129 Add model device summary window ............................................................ 129 Install icon...................................................................................................... 130 Install policy package .................................................................................... 130 Policy package device selection window ...................................................... 131 Policy package zone validation window........................................................ 132 Policy package policy validation window ...................................................... 133 Policy package installation window............................................................... 134 Device installation history .............................................................................. 134 Install device settings only............................................................................. 135FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 13http://docs.fortinet.com/ • Feedback
  14. 14. Table of Figures Device settings device selection window ...................................................... 136 Device settings successful installation window............................................. 137 Device settings failed installation window ..................................................... 137 Device installation history .............................................................................. 138 Device Manager device list layout ................................................................. 140 Right click menu options ............................................................................... 141 Example FortiGate unit summary .................................................................. 143 A device list filter set to display devices with IP addresses in the range of 1.1.1.1-1.1.1.2................................................................................................ 145 A device list filter set to display all devices except one named “MyDevice” 146 A device list filter set to display devices with Connection Status set to “Connection Up”............................................................................................ 146 Device Manager right-click menu .................................................................. 150 Create new virtual domain ............................................................................. 158 Adding a group .............................................................................................. 161 Device group summary screen ...................................................................... 162 Enable chassis management......................................................................... 163 CLI Console ................................................................................................... 169 Management module..................................................................................... 171 Policy window................................................................................................ 171 Create new policy package ........................................................................... 173 Enter new policy package details .................................................................. 174 Edit Policy Package dialog box ..................................................................... 175 Consistency Check dialog box ...................................................................... 176 Policy Check dialog box ................................................................................ 176 Consistency check results window ............................................................... 177 Managing Objects and Dynamic Objects ...................................................... 178 Example Object table .................................................................................... 178 Creating a new Firewall object address......................................................... 179 Where Used dialog box ................................................................................. 180 Search Objects dialog box ............................................................................ 180 New local user window.................................................................................. 181 VPN List ......................................................................................................... 182 Create VPN window....................................................................................... 184 Add VPN Managed Gateway dialog box ....................................................... 189 Add VPN External Gateway dialog box ......................................................... 190 Configuration and Installation Status widget................................................. 192 Revision History Tab...................................................................................... 193 Add a tag to a configuration version ............................................................. 194 Revision Diff window ..................................................................................... 196 Dashboard Licensing widget ......................................................................... 197 Web Portal Window ....................................................................................... 205 Add a Web Portal Profile ............................................................................... 205 Blank Web Portal Window ............................................................................. 206 Adding web portal content ............................................................................ 206 Logo Preferences .......................................................................................... 207 Portal Properties window .............................................................................. 208 Add User window .......................................................................................... 209 Add External User window ............................................................................ 209 Java-based administration client login screen .............................................. 213FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 14http://docs.fortinet.com/ • Feedback
  15. 15. Table of Figures Java-based administration client main window ............................................ 214 Default main menu bar .................................................................................. 215 Java-based manager content pane............................................................... 216 Reorganizing tabs in the Java-based administration client........................... 217 Policy Editor widow ....................................................................................... 217 Individual Device View ................................................................................... 219 Scheduling a script ........................................................................................ 220 CLI Script Repository .................................................................................... 221 Create or Edit a script.................................................................................... 222 Cloning a script.............................................................................................. 224 Enable FortiGuard settings ............................................................................ 249 FortiGuard AntiVirus and IPS Settings........................................................... 251 Overriding FortiGuard Server......................................................................... 258 Manually uploading AV or IPS updates ......................................................... 259 Device group Service Usage: License Information........................................ 263 Firmware Information (device) ....................................................................... 269 Firmware Information (group) ........................................................................ 269 Firmware Images ........................................................................................... 271 Upload Firmware Image dialog box............................................................... 273 Example RTM Dashboards............................................................................ 275 Rename a dashboard .................................................................................... 276 Reset a dashboard ........................................................................................ 276 Add Monitor window ..................................................................................... 276 Viewing alert events....................................................................................... 277 Adding alert events ........................................................................................ 278 Mail server list ................................................................................................ 279 Adding mail servers ....................................................................................... 280 SNMP access list........................................................................................... 281 Adding a SNMP community .......................................................................... 282 Syslog server list............................................................................................ 283 Adding Syslog Server .................................................................................... 283 Alert message console .................................................................................. 284 Device Log Setting ........................................................................................ 285 Device Log Access ........................................................................................ 286 FortiClient Manager ....................................................................................... 289 Example of how FortiClient Manager determines the group names for OU groups............................................................................................................ 318 Cluster Settings ............................................................................................. 360 FortiManager HA status................................................................................. 364FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 15http://docs.fortinet.com/ • Feedback
  16. 16. Change Log Date Change Description 2012-04-06 Initial Release 2012-04-12 Updated chassis management, under devices chapter. Updated Advanced Settings section. 2012-06-08 Removed references to device locks. 2012-06-18 Revised section on ADOM locking. FortiManager v4.0 MR3 Patch Release 3 Administration Guide 02-434-167503-20120406 16 http://docs.fortinet.com/ • Feedback
  17. 17. Introduction FortiManager centralized management appliances deliver the essential tools needed to effectively manage your Fortinet-based security infrastructure. Using the FortiManager system, you can: • configure multiple FortiGate units (including FortiGate, FortiWiFi, FortiGate-One, and FortiGate-Virtual Machine), FortiCarrier units, FortiMail units, FortiSwitch units, and FortiClient endpoint security agents, • segregate management of large deployments easily and securely by grouping devices and agents into geographic or functional administrative domains (ADOMs), • configure and manage VPN policies, • monitor the status of these units, • view device logs, • update the AntiVirus and attack signatures, • provide Web Filtering and Email Filter service to the licensed devices as a local FortiGuard Distribution Network (FDN) server. • update the firmware images of the devices. The FortiManager system scales to manage up to 5,000 devices and virtual domains (VDOMS) and up to 120,000 FortiClient agents from a single FortiManager interface. It is designed for medium to large enterprises and managed security service providers. FortiManager system architecture emphasizes reliability, scalability, ease of use, and easy integration with third-party systems. This section contains the following topics: • About this document • FortiManager documentation About this document This document describes how to configure and manage your FortiManager system and the devices that it manages. The FortiManager system documentation assumes you have one or more FortiGate units, you have FortiGate unit documentation, and you are familiar with configuring your FortiGate units before using the FortiManager system. Where FortiManager system features or parts of features are identical to FortiGate unit, the FortiManager system documentation refers to the FortiGate unit documentation for further configuration assistance with that feature. This document contains the following information: • What’s New in v4.0 MR3 lists and describes some of the new features and changes in FortiManager v4.0 MR3 Patch Release 3. • Fortinet Management Theory describes key features of the FortiManager system. FortiManager v4.0 MR3 Patch Release 3 Administration Guide 02-434-167503-20120406 17 http://docs.fortinet.com/ • Feedback
  18. 18. Introduction About this document • Using the Web-based Manager introduces the FortiManager Web-based Manager interface that is used to manage and configure supported Fortinet units and FortiClient agents, and to view FortiGate unit configuration, device status, system health, real time logs, and historical logs. • Administrative Domains (ADOMs) describes ADOMs that can define sets of devices to be controlled by one or more administrators. • System Settings describes how to control and monitor the operation of the FortiManager system, including network settings, managing firmware revisions, configuration backup and administrator access. • Using FortiManager Wizards describes how to use the Install, Add Device, and Import Device wizards. • Device Management describes adding, configuring and managing devices, Virtual Domains (VDOMs) and working with device groups. • Policies and Objects describes policy workflow, provisioning, policy packages, objects and dynamic objects. • VPN Console describes how to configure a VPN and firewall policies. • Installing Device Configurations describes installing configuration changes to the devices and pulling the existing configurations from the devices. • Advanced Features describes administrative web portals and portal access. • Application Program Interfaces • Java-based Administration Client introduces the FortiManager java-based administration client tool that can used to manage and configure supported devices and FortiClient agents. • Working with Scripts describes how to create and manage scripts from devices that are in operation. Administrators can use functions, such as the configure function, the debug function, the show function, and the get function, to manage devices using scripts. • FortiGuard Services describes how to use the FortiManager system as a local update server for AV and IPS signatures and a on-site FDN server for FortiGuard Web Filtering and Email Filter services. • Firmware and Revision Control describes how to view, download and install device firmware images. • Real-Time Monitor describes how to monitor the status of a number of devices, system alerts and device log. • FortiClient Manager describes how to use the FortiClient Manager to centrally manage FortiClient agents. • High Availability describes how to configure and manage a FortiManager high availability clusters. • FortiManager FirmwareFortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 18http://docs.fortinet.com/ • Feedback
  19. 19. Introduction FortiManager documentation FortiManager documentation The following FortiManager product documentation is available: • FortiManager Administration Guide This document describes how to set up the FortiManager system and use it to manage supported Fortinet units and FortiClient agents. It includes information on how to configure multiple Fortinet units and FortiClient agents, configuring and managing the FortiGate VPN policies, monitoring the status of the managed devices, viewing and analyzing the FortiGate logs, updating the virus and attack signatures, providing Web Filtering and Email Filter service to the licensed FortiGate units as a local FortiGuard Distribution Network (FDN) server, firmware revision control and updating the firmware images of the managed units and agents. • FortiManager System QuickStart Guide This document is included with your FortiManager system package. Use this document to install and begin working with FortiManager system and FortiManager Web-based Manager. • FortiManager online help You can get online help from the FortiManager Web-based Manager. FortiManager online help contains detailed procedures for using the FortiManager Web-based Manager to configure and manage FortiGate units. • FortiManager CLI Reference This document describes how to use the FortiManager CLI and contains a reference to all FortiManager CLI commands. • FortiManager Release Notes This document describes the new features and enhancements in the FortiManager system since the last release and lists the resolved and known issues. This document also defines supported platforms and firmware versions. • FortiManager Log Message Reference Guide The FortiManager Log Message Reference Guide describes the structure of FortiManager log messages and provides information about the log messages that are generated by the FortiManager system.FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 19http://docs.fortinet.com/ • Feedback
  20. 20. What’s New in v4.0 MR3 This chapter lists and describes some of the key changes and new features added to the FortiManager system. Note: This document was written for FortiManager v4.0 MR3 Patch Release 5. Global Policy improvements Global Policy evaluation FortiManager v4.0 MR3 Patch Release 3 includes a limited Global Policy feature that allows administrators to evaluate the Global Policy feature before purchasing the Global Policy license. When a license key is not installed on the FortiManager, you will be able to enable the Global Policy feature, however the following will be enforced: • Only the default policy package can be used • A maximum of ten policies can be defined in the default package • A maximum of ten objects can be defined. Note: The Global Policy license is now available for the FortiManager 400B, 400C, 1000C, 3000B, 3000C, 5001A and FortiManager VM-Base (4.3). Assigning Global Policies to ADOMs FortiManager v4.0 MR3 Patch Release 3 allows you to specify which policy package within each ADOM, will inherit the Global Policy or Global Database. This enhancement provides a finer granularity to assign specific policy packages within each ADOM. Add Global Zone to Global Policy FortiManager v4.0 MR3 Patch Release 3 adds a Global Zone objects menu and table for adding global zones to global policies. The following changes are included: • Within an ADOM, the global zones are read-only and can not be deleted or edited in the Objects database. • You will need to populate the global zones with interfaces from each device manager. • Global zones can be used for both Global level policy packages as well as ADOM level policy packages, after it is assigned from global to the specified ADOM. FortiManager v4.0 MR3 Patch Release 3 Administration Guide 02-434-167503-20120406 20 http://docs.fortinet.com/ • Feedback
  21. 21. What’s New in v4.0 MR3 Administrative Domain (ADOM) Section View for Global and ADOM Policy Packages FortiManager v4.0 MR3 Patch Release 3 improves the section view menu, by zone with custom label sections. This change adds the following features: • View with global sections or with zone sections with custom labels • Option to toggle between views • Support for both ADOM and Global Policy packages. Administrative Domain (ADOM) The following improvements have been made to the ADOM list page: • When the global admin user logs in, they are directed to the ADOM list page. • When selecting the ADOM name, the left menu item will be selected and the ADOM dashboard will be displayed. • The right-click context menu has a new option to enter the ADOM. • A search field has been added to the navigation pane to quickly search for a specific ADOM. • If backup mode has been configured, backup is displayed beside the ADOM name in the column. • A new column has been added to show if the ADOM has any alerts and a count of the number of alerts. • A status icon is displayed beside each device to show if communication is up or down. • When you hover the mouse pointer over an ADOM, an Enter dialogue box appears. Left-click Enter to enter the ADOM menu. ADOM Backup and Revision Control FortiManager v4.0 MR3 Patch Release 2 introduced two administrative domain (ADOM) configuration modes: Normal, and Backup. FortiManager v4.0 MR3 Patch Release 3, introduces improvements with how the FortiManager handles backup and revision control in both these modes of operation. See “Administrative Domains” on page 38 for more information. Install Wizard/Import Wizard FortiManager v4.0 MR3 Patch Release 3 provides enhancements to the install wizard and import wizard. These changes include: • Clear description of error messages • Preview option to view the installation changes for a policy package • Preview option for device settings installation Add Device Wizard, Fast Forward Support An option has been added to device discovery that allows you to ignore prompts when adding or importing a device unless errors occur. If the device has VDOMs, this option is hidden on the discovery page and displayed on the VDOM page.FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 21http://docs.fortinet.com/ • Feedback
  22. 22. What’s New in v4.0 MR3 Policy usability Import Policy FortiManager v4.0 MR3 Patch Release 3 provides enhancements to the import policy wizard which allows you to select specific policies to import. This granularity provides you with more control over the device and policy import process. Both IPv4 and IPv6 policies are supported. Virtual Domain (VDOM) FortiManager v4.0 MR3 Patch Release 3 provides the following improvements to the Import Wizard and Device Management to handle the import of multiple VDOMs and import of devices/VDOMs when upgrading or moving devices between ADOMS: • New Add VDOM page in the Import Wizard • If the device has VDOMs enabled with more than one VDOM, the ADD VDOM page will be displayed. • The first VDOM will be selected by default, as each VDOM is imported, it will be greyed out in the list. • You can specify a specific VDOM to import • You can select the Import All checkbox to automatically import all VDOMs, or any remaining VDOMs that have not been imported. • You can choose the Skip Remaining button to ignore any remaining VDOMs and jump straight to the summary page. Once a VDOM is added, you will return to the Add VDOM page. Policy usability FortiManager v4.0 MR3 Patch Release 3 adds a Set Profile option in the right-click menu on the policy page. You can use option to assign a new profile to the firewall policy without having to remove and re-add the profile or open the edit policy page. Multiple policy edit FortiManager v4.0 MR3 Patch Release 3 provides an enhancement to allow you to select multiple policies and then right-click to modify the UTM settings for all the selected policies. FortiToken support FortiManager v4.0 MR3 Patch Release 3 provides FortiToken support as a configurable object. See “FortiToken configuration example” on page 180. Management model The FortiManager system in v4.0 MR3 has been changed from what you may be used to from earlier versions. In previous versions there were 2 modes of operation: EMS and GMS. In v4.0 MR3, these have been combined into a single, united workflow that is suitable for users of either mode.FortiManager v4.0 MR3 Patch Release 3 Administration Guide02-434-167503-20120406 22http://docs.fortinet.com/ • Feedback

×