FortiManager
Features
Device Configuration and Provisioning
FortiManager expands the network administrator’s
capabilities with a rich set of tools to centrally manage up to
100 000 devices including FortiGate NGFWs, FortiExtender,
FortiSwitch switches, FortiAP access points, Fortinet Secure
SD-WAN, and more.
Collectively configure device settings using enhanced
templates with variables support, in preparation for zero-touch
provisioning for mass deployments, firmware version
enforcement for installs and upgrades, templates to assign
policy packages, policy and object revision history for
auditing, and a Fabric Authorization Template to automatically
provision and authorize LAN Edge devices on the managed
FortiGates.
FortiManager includes extended SSL and certificate support
for enhanced ssl-ssh-profile configuration, Restricted IPS
Admin Profiles to support transitioning and upgrading from
dedicated IPS solutions, custom commands on FortiSwitch
and configuring MCLAG from the FortiSwitch Manager.
Automated device configuration backups and revision control
make daily administrative tasks easy. Track changes in the
enhanced Event Log view for review of configuration updates
for auditing and compliance.
Security Policy, Updates and Objects Management
FortiManager’s Policy & Objects views enable Admins to centrally manage and configure device policies, including updating network settings, antivirus definitions, intrusion protection signatures, access rules, and software updates.
The global policy feature allows MSSP and SaaS providers to apply ADOM-level header/footer policies for updating all policy packages or select packages.
Policy and Objects views now include a revision history, providing an account of admins who have made changes, change date, summary, and a mandatory change notes field to capture the change reason. The per-policy lock feature allows admins to control the policy change by implicitly locking a policy rule when a policy is changed.
Admins can also group commonly used policies in a policy block and insert it in different Policy Packages.
Secure SD-WAN
FortiManager offers powerful SD-WAN management
capabilities using intuitive workflows and simplified
provisioning at scale. Leverage application centric SD-WAN
business policies to fine-tune traffic steering decisions based
on performance service level agreement (SLA) targets for
each WAN provider.
Simplify and accelerate SD-WAN configuration on a global
scale with automated SD-WAN overlay provisioning. Utilize
device blueprints for large SD-WAN deployments with support
to import CSV templates and assign meta-data variables.
Use the Secure SD-WAN reports and monitoring dashboards
to closely monitor application performance including metrics
for bandwidth, latency, jitter, and packet loss.
Multi-Tenancy and Role-Based Administration
FortiManager provides granular device and role-based
administration and zero-trust multi-tenancy deployments for
large enterprises and a hierarchical objects database for reuse of common configurations to serve multiple customers,
for clear visibility of every device and user on the network.
Administrative Domains (ADOMs) are used to manage independent security environments — like different production plants — each with its own
security policies and configuration database. The intuitive GUI
makes it easy for admins to view, create, clone, and manage
ADOMs, define global Objects, Policies, and Security Profiles
across ADOMs, with Health Check to keep ADOMs in sync.
Assign the restricted IPS admin user role to users performing
only IPS-related object configuration and installs. Use per-admin UI
background themes for unique visual associations.
FortiManager High Availability (HA)
FortiManager high availability (HA) provides enhanced
reliability, data protection, redundancy, and operational
performance to ensure agreed-upon uptime and availability
requirements are met, with the option of a dedicated interface
for management of the individual cluster member. In the
event that the operating FortiManager unit fails, a backup
FortiManager (one primary and up to four secondary) unit
can take the place of the failed unit, for seamless access to
devices and business-critical network operations.
Network and Security Operations Visibility (NOC/SOC)
FortiManager supports NOC-SOC workflows to assist network
teams in maintaining optimal performance. Automated data
exchanges between security (SOC) workflows and operational
(NOC) workflows create a single, complete workflow that not
only saves time, but also provides the capacity to complete
additional incident response activities.
Integration with FortiAnalyzer magnifies visibility with
advanced data visualization and analytics. This insight
helps analysts quickly connect the dots, identify threats,
and simplify the expeditious configuration and security of
managed devices in both IT and OT environments.
Automation and Connectors
Utilize automation and orchestration and optimize network
operations with FortiManager through querying of FortiGate
NGFWs and the Fortinet Security Fabric via application
programming interfaces (APIs). This process will actively
collect and share network information and broaden end-to-end visibility and response.
FortiManager reduces complexity and cost by leveraging
REST API, scripts, connectors, and FortiGate automation
stitches to automate time-intensive processes and accelerate
workflows. This method helps NOC and SOC teams by
reducing administrative tasks, and addressing talent
shortages. Admins can automate common tasks such as
provisioning of FortiGate NGFWs and configuring new or
existing devices.
Join the Fortinet Developer Network (FNDN) for exclusive
access to articles, how-to content for automation and
customization, community-built tools, scripts, and sample
code.
Expanded Operations Capabilities
Increase operational efficiencies with simplified and
automated provisioning and deployment of Fabric devices,
using open Fabric APIs for new integrations and workflows.
Utilize ZTNA rules and policies to enforce access control, and
the EMS connector to retrieve ZTNA tags or tag groups. Configure
a ZTNA server and use the ZTNA tags in policies to
enforce zero trust RBAC (role-based access control).
Make use of FortiSwitch multiple port selection configuration
templates for effortless configuration of native and allowed
VLANs, security policies, QoS policies, and LLDP profiles for
simplified LAN edge management.
Use the IPS wizard with IPS sensor selections and IPS
templates for quick and easy creation and installation of IPS
profiles.
FortiManager can also act as the management update server
to managed FortiGates for IoT query device identification
service.
Security Fabric and Third Party Integration
FortiManager integration with FortiAnalyzer provides
in-depth discovery, analysis, prioritization, and reporting of
network security events.
Use Fabric connectors to facilitate connections with third-party
vendors such as Nozomi, Claroty, and others to share and exchange data.
The FortiManager workflow for audit and compliance enables
review, approval, and auditing of policy changes. These methods
include automating processes for policy compliance, policy
lifecycle management, and enforced workflow to reduce risk.
Manage and Monitor with Deep Visibility
The FortiManager Device Manager provides full visibility,
access, and management of Fortinet managed devices,
interfaces, scripts, templates, automation, users, settings,
and more. Install, edit, and delete policies. Monitor the health
of FortiGate devices through customizable dashboards and
widgets to see resource usage, network status of DHCP,
IPsec and SSL VPN, routing, traffic shapers, OT protocols in use (MODBUS, Profinet, DeviceNet, etc.), and related policies.
Easily navigate the hierarchical tree with categories for
managed devices, logging devices, unauthorized devices, and
customize to display as a table, folder, or a map view.
Use Fabric View to check Security Fabric ratings and
configurations of FortiGate devices or groups. Access
vital security and network statistics, as well as real-time
monitoring and topology information to provide visibility into
network and user activity. Add a FortiAnalyzer appliance or
virtual machine (VM) for powerful analytics and enhanced
Fabric view with asset and identity info, additional data
mining, statistical analysis, and graphical reporting
capabilities.
FortiManager includes a multitude of tools for simple and
intuitive analysis of Fortinet firewalls, switches, access points,
and more. Gain one-click access to MEAs like the FortiAIOps
extension, IPS Admin visibility into installed IPS configurations
and monitoring of IPS Diagnostics, and Device Inventory
Monitor with device and user information, column selections
to show FortiSwitch, FortiAP and SSID information, and IoT
device information gathered from FOS Asset Identity Center.