FortiManager 7.2 Operator Workshop Lab Guide-Online

The FortiManager Operator Workshop Lab Guide for FortiOS 7.2 provides a comprehensive training resource for configuring and managing FortiManager and FortiAnalyzer. It includes detailed labs and exercises on initial configurations, administrative domains (ADOMs), device registration, and troubleshooting. The guide emphasizes hands-on practice with a structured approach to learning Fortinet's management tools and features.

DO NOT REPRINT

© FORTINET

FortiManager Operator
Workshop
Lab Guide
for FortiOS 7.2
Fortinet Training Institute - Library

https://training.fortinet.com

Fortinet Product Documentation

https://docs.fortinet.com

Fortinet Knowledge Base

https://kb.fortinet.com

Fortinet Fuse User Community

https://fusecommunity.fortinet.com/home

Fortinet Forums

https://forum.fortinet.com

Fortinet Product Support

https://support.fortinet.com

FortiGuard Labs

https://www.fortiguard.com

Fortinet Training Program Information

https://www.fortinet.com/nse-training

Fortinet | Pearson VUE

https://home.pearsonvue.com/fortinet

Fortinet Training Institute Helpdesk (training questions, comments, feedback)

https://helpdesk.training.fortinet.com/support/home

9/18/2023

TABLE OF CONTENTS

Network Topology
Lab 1: Initial Configuration
Exercise 1: Configuring ADOMs
Enable ADOMs
View ADOM Information
Configure ADOMs
Exercise 2: Adding FortiAnalyzer to FortiManager
Lab 2: Administration and Management
Exercise 1: Creating and Assigning Administrators
Test Administrator Privileges
Lab 3: Device Registration
Exercise 1: Configuring System Templates
Configure System Templates
Exercise 2: Registering a Device on FortiManager
Add Local-FortiGate Using the Add Device Wizard
View the Local-FortiGate Policy Package
Import System Template Settings From FortiGate
Add Remote-FortiGate Using the Add Device Wizard
Assign the System Template to Local-FortiGate and Remote-FortiGate
Lab 4: Device-Level Configuration and Installation
Exercise 1: Understanding the Statuses of Managed Devices
Exercise 2: Installing System Template Changes on Managed Devices
Install System Templates
Check the Status of the Managed Device
View the Pushed Configuration on FortiGate
Exercise 3: Viewing the Auto Update Status and Revision History
Make Direct Changes on Local-FortiGate
Make Direct Changes on Remote-FortiGate
View the Auto Update Status and Revision History
View the Installation Log
Exercise 4: Configuring Device-Level Changes
Change the Interface Settings of the Managed FortiGate
Filter Devices Based on Status
Configure the Administrator Account
Exercise 5: Installing Configuration Changes
Use the Install Wizard
View the Revision Differences
Exercise 6: Using Scripts
Configure Scripts
Run and Install Scripts
Lab 5: Policies and Objects
Exercise 1: Importing Policies
Import Policies
Create ADOM Revisions
Exercise 2: Creating a Common Policy for Multiple Devices
Create Dynamic Mappings for Address Objects
Create Dynamic Mappings for Interfaces and Device Zones
Import and Install a CLI Script to Delete Policies
Run and Install the Scripts
Create a Common Policy Package, an Installation Target, and Use Install On
Lab 6: Global ADOM Policy Configuration
Exercise 1: Creating and Assigning Header Policies in the Global ADOM
Lab 7: Diagnostics and Troubleshooting
Exercise 1: Diagnosing and Troubleshooting Installation Issues
View the Installation Preview
View the DNS Configuration
Install Device-Level Configuration Changes
Exercise 2: Troubleshooting Policy Import Issues
View the Policy Package and Objects
Review Policies and Objects Locally on Remote-FortiGate
Import a Policy Package
Check the Impact of a Partial Policy Import (Optional)
Fix a Partial Policy Import Issue
Retrieve the New Configuration From FortiManager
Exercise 3: Upgrading FortiGate Firmware Using FortiManager

Disclaimer
Content for this course only includes a subset of official NSE material and may also include custom content. As
such this course does not contain all necessary information for individual NSE certifications. For full content and
certification information, refer to the Fortinet Training Institute.

Fortinet Technologies Inc.
Network Topology

Lab 1: Initial Configuration

In this lab, you will configure administrative domains (ADOMs). You will also add FortiAnalyzer to FortiManager,
for logging and reporting.

Objectives
• Enable ADOMs and configure a new ADOM
• Add FortiAnalyzer to FortiManager

Time to Complete
Estimated: 20 minutes

Prerequisites
This lab environment is also used for FortiGate Security 7.2 and FortiGate Infrastructure 7.2 training and initializes
in a different state than is required for FortiManager 7.2.1 training.

Before you begin this lab, you must update the firmware and initial configuration on the Local-FortiGate and
Remote-FortiGate VMs.

To update the FortiGate firmware on FortiGate devices


1. On the Local-Client VM, open a browser, and then log in to the Remote-FortiGate GUI at 10.200.3.1 with the
username admin and password password.

2. Click System > Fabric Management, select Remote-FortiGate, and then click Upgrade.
3. In the Select Firmware section, click the File Upload tab, and then click Browse.

4. Browse to Desktop > Resources > FortiManager > FGT-firmware, select FGT_upgrade_build1254.out,
and then click Open to load the file.
5. Click Confirm and Backup Config, and then in the warning window, click Continue to initiate the upgrade.

The system reboots. Click Cancel so that the configuration backup file is not saved.

6. Open another browser tab, and then log in to the Local-FortiGate GUI at 10.0.1.254 with the username admin
and password password.

7. Repeat the procedure to update the firmware for the Local-FortiGate VM.
The upgrade procedure can take up to 10 minutes.

To restore the Remote-FortiGate configuration file


1. On the Local-Client VM, open a browser, and then log in to the Remote-FortiGate GUI at 10.200.3.1 with the
username admin and password password.
2. In the upper-right corner of the screen, click admin, and then click Configuration > Restore.

3. Click Local PC, and then click Upload.
4. Click Desktop > Resources > FortiManager > Introduction, select remote-Initial.conf, and then click
Open.
5. Click OK.
6. Click OK to reboot.

To restore the Local-FortiGate configuration file


1. On the Local-Client VM, open a browser, and then log in to the Local-FortiGate GUI at 10.0.1.254 with the
username admin and password password.
2. In the upper-right corner of the screen, click admin, and then click Configuration > Restore.

3. Click Local PC, and then click Upload.


4. Click Desktop > Resources > FortiManager > Introduction, select local-Initial.conf, and then click
Open.
5. Click OK.
6. Click OK to reboot.
7. After the device restarts, close the browsers for both the Remote-FortiGate GUI and Local-FortiGate GUI.

Exercise 1: Configuring ADOMs

Administrative domains (ADOMs) group devices for administrators to monitor and manage. The purpose of
ADOMs is to divide the administration of devices and control (restrict) access.

In this exercise, you will enable and configure ADOMs.

Enable ADOMs

ADOMs are not enabled by default, and can be enabled only by the admin administrator, or an administrator with
the Super_User access profile.

You will enable ADOMs on FortiManager.

To enable ADOMs
1. Log in to the FortiManager GUI with the username admin and password password.
2. Click System Settings.
3. In the System Information widget, enable Administrative Domain.

4. Click OK.
FortiManager logs you out.

View ADOM Information

Before you create new ADOMs, you should be aware of the types of ADOMs that are available to you. You will
view ADOM information using both the GUI and CLI.

To view ADOM information


1. Log in to the FortiManager GUI with the username admin and password password.
2. Select the root ADOM.

3. Click System Settings.
4. Click All ADOMs.

5. Log in to the FortiManager CLI with the username admin and password password.
6. Enter the following command to view the ADOMs that are currently enabled on FortiManager and the type of
device you can register to each ADOM:

# diagnose dvm adom list

The CLI output formatting is easier to read if you maximize your PuTTY window. If you
already executed the command, once the window is maximized, press the up arrow to
show the last command that you entered, and then press Enter to run the command
again.

As you can see, FortiManager supports 19 ADOMs, each associated with different devices. The CLI also
displays the supported firmware versions.

7. Close the PuTTY session.

Configure ADOMs

By default, when you enable ADOMs, FortiManager creates ADOMs based on supported device types. The root
ADOM is based on the FortiGate ADOM type.

When you create a new ADOM, you must match the device type. For example, if you want to create an ADOM for
FortiGate, you must select FortiGate as the ADOM type. With FortiGate ADOMs specifically, you must also select
the firmware version of the FortiGate. Different firmware versions have different features, and therefore different
CLI syntax. Your ADOM settings must match the device firmware.

You will create and configure a new ADOM.

To configure ADOMs
1. Continuing on the FortiManager GUI, click System Settings > All ADOMs.

2. Click Create New.


3. Configure the following settings:

Field    Value
Name     My_ADOM
Type     FortiGate and 7.2

Your configuration should look like the following example:

4. Click Select Device.


If any devices were registered to FortiManager, you could select a device and add it to the ADOM. However,
in this lab, the list is empty because no devices are registered.

5. Click Cancel.
6. Keep the default values for all other settings, and then click OK.
You should see a list of predefined ADOMs, including your new ADOM.

You can switch between ADOMs on the GUI. You do not have to log out and log back
in. To switch between ADOMs on the GUI, in the upper-right corner, click ADOM.
Your administrator privileges determine which ADOMs you can access.

Exercise 2: Adding FortiAnalyzer to FortiManager

You can manage FortiAnalyzer from FortiManager. Adding a FortiAnalyzer to FortiManager gives FortiManager
visibility into the logs on FortiAnalyzer, providing a single pane of glass on FortiManager. It also enables
FortiAnalyzer features, such as FortiView and Log View.

You can also use FortiManager as a logging and reporting device by enabling FortiAnalyzer features on
FortiManager. Remember that, unlike FortiAnalyzer, FortiManager has logging rate restrictions.

In this exercise, you will add FortiAnalyzer to FortiManager, so that you can manage FortiAnalyzer from
FortiManager for logging and reporting.

To add FortiAnalyzer to FortiManager


1. Log in to the FortiAnalyzer GUI at 10.0.1.210 with the username admin and password password.
Before you add FortiAnalyzer to FortiManager, you must enable the FortiManager Administrative Access
checkbox on the FortiAnalyzer management interface.

2. Click System Settings > Network.


3. Select the port1 checkbox, and then click Edit.
4. In the Administrative Access field, select the FortiManager checkbox.
5. Click OK.
6. Click Dashboard.
7. Enable Administrative Domain.
8. Click OK.
9. Log in to the FortiManager GUI at 10.0.1.241 with the username admin and password password.
10. Click My_ADOM.
11. Click Device Manager.
12. In the Add Device drop-down list, select Add FortiAnalyzer.

13. In the Add FortiAnalyzer wizard, configure the following settings:

Field                      Value
IP Address                 10.0.1.210
Use legacy device login    ON
Username                   admin
Password                   password

14. Click Next.

15. Click Next.


16. Click Synchronize ADOM and Devices.

If the FortiManager ADOM does not exist on the FortiAnalyzer, a warning appears. You
can add the ADOM and devices to FortiAnalyzer by clicking Synchronize ADOM and
Devices.

17. Click Finish.


You will configure logging on the FortiGate devices in a later lab.

18. Log out of FortiManager.


19. Log in to the FortiManager GUI at 10.0.1.241 with the username admin and password password.
20. Click My_ADOM.

Now that you have added FortiAnalyzer to FortiManager, you will notice that more panes related to logging
and reporting appear—FortiView, Log View, FortiSoC, and Reports.

21. Click Device Manager.


22. Expand Managed FortiAnalyzer to see the FortiAnalyzer that you just added.

23. Log out of FortiManager.

Lab 2: Administration and Management

In this lab, you will configure an administrator user. You will also restrict administrator access based on
administrator profile and ADOMs.

Objectives
• Configure an administrator and restrict access to a newly created ADOM

Time to Complete
Estimated: 20 minutes

Exercise 1: Creating and Assigning Administrators

In this exercise, you will create an administrative user with restricted access permissions.

In an active deployment scenario, having more than one administrative user makes administering the network
easier, especially if users are delegated specific administrative roles, or confined to specific areas within the
network. In an environment with multiple administrators, you should ensure that every administrator has only the
permissions necessary to do their specific job.

To create and assign administrators


1. Log in to the FortiManager GUI with the username admin and password password.
2. Click root.
3. Click System Settings.
4. Click Admin > Administrators.

5. Click Create New.


6. Configure the following settings:

Field                      Value
User Name                  student
Admin Type                 LOCAL
New Password               fortinet
Confirm Password           fortinet
Administrative Domain      Specify
                           Click here to select My_ADOM
Admin Profile              Standard_User
Policy Package Access      All Packages

Your configuration should look like the following example:

FortiManager comes with five default profiles preinstalled that you can assign to other
administrative users. Alternatively, you can create your own custom profiles.

In this lab, we have assigned a preconfigured Standard_User profile to the newly
created student administrator. The Standard_User profile provides read and write
access for all device privileges, but not system privileges.

7. Keep the default values for all other settings, and then click OK.
8. In the upper-right corner, click admin.
9. Click Log Out.

Test Administrator Privileges

You will log in to FortiManager with the administrator account (student) that you just created, and then test the
administrator privileges.

To test administrator privileges
1. Log in to the FortiManager GUI with the username student and password fortinet.
You are limited to the My_ADOM administrative domain.

Also, there are no System Settings and FortiGuard tabs.

The preceding image shows how you can control or restrict administrator access based on administrative
profiles and ADOMs.

2. Log out of FortiManager.

Lab 3: Device Registration

In this lab, you will explore the common operations performed using the device manager. You will use the Device
Manager pane to add FortiGate devices.

Objectives
• Create and apply system templates to your managed devices
• Review central management settings on FortiGate
• Add a device using the Add Device wizard

Time to Complete
Estimated: 20 minutes

Exercise 1: Configuring System Templates

You can configure system templates on FortiManager to provision common system-level settings on FortiGate
devices. You can configure the templates in advance, and then apply them either to FortiGate devices when they
are first added to FortiManager or to FortiGate devices that FortiManager is currently managing.

Configure System Templates

You will configure and apply system templates to FortiGate.

To configure system templates


1. Log in to the FortiManager GUI with the username admin and password password.
2. Click root.
3. Click System Settings.
4. Click Admin > Administrators.
5. Select the student checkbox, click Edit, and then select All ADOMs.

6. Click OK.
7. Log out of the FortiManager admin account.
8. Log in to the FortiManager GUI with the username student and password fortinet.
9. Click My_ADOM.
10. Click Device Manager.
11. Click Provisioning Templates.

12. Under System Templates, select the default checkbox, and then click Edit.

13. In the Log Settings widget, select the Send Logs to FortiAnalyzer/FortiManager checkbox.
14. Select Managed FortiAnalyzer, and then select the managed FortiAnalyzer in the drop-down list.
15. In the Upload Option field, select Real-time.
16. Enable Reliable Logging to FortiAnalyzer.
Your configuration should look like the following example:

17. Click Apply.


18. Click X to delete all of the other widgets, and then click OK.

Exercise 2: Registering a Device on FortiManager

There are multiple ways to add FortiGate devices to FortiManager, including:


• Use the Add Device wizard.
• Send a request from FortiGate to FortiManager, and then accept the request from FortiManager.
• Add multiple devices using the Device Manager.

You will add FortiGate devices using the Add Device wizard.

FMG-Access on both FortiGate devices is enabled on the interface connected to
FortiManager. FMG-Access is the communication protocol that is used between
FortiManager and managed FortiGate devices.

Add Local-FortiGate Using the Add Device Wizard

You will add Local-FortiGate to FortiManager in My_ADOM using the Add Device wizard, and then you will apply
the System Template that you created earlier.

To add Local-FortiGate using the Add Device wizard


1. On the Local-Client VM, open a browser, and then log in to the FortiManager GUI at 10.0.1.241 with the
username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.
4. Click Add Device.

5. In the Add Device wizard, select Discover Device, and then configure the following settings:

Field                      Value
IP Address                 10.200.1.1 (This is the IP address of port1 on FortiGate.)
Use legacy device login    Enable
Username                   admin
Password                   password

6. Click Next.
7. Ensure that Name is set to Local-FortiGate.

8. Click Next.
9. Click Import Now to import the policies and objects.

10. Select the Import Policy Package checkbox.


11. Click Next.
12. On the policy package import page, do the following:
• Make sure the policy package name is configured as Local-FortiGate_root.
• Accept the policy and object import defaults.
• Change Mapping Type to Per-Device.

13. Click Next.


14. On the conflict page, click View Conflict on all of the entries.
This shows you the details of the configuration differences between FortiGate and FortiManager.

15. In the Use Value From column, keep the default setting of FortiGate.

You may see different output.

16. Click Next.


Note the objects identified—these should be identified as duplicates, new, or updating existing FortiManager.

17. Click Next.


18. Click Download Import Report.
19. In a text editor, such as Notepad++, open the import report to review which objects have been imported or skipped.

The option to download the import report is available only on this page. As a best
practice, you should download the report and review the important information, such
as which device is imported into which ADOM, as well as the name of the policy
package created, along with the objects imported.

FortiManager imports new objects and updates existing objects based on the option
that you choose on the conflict page. The duplicate objects are skipped because
FortiManager does not import duplicate entries into the ADOM database.

20. Close the text editor.


21. Click Finish.
The Local-FortiGate device should now be listed in Device Manager.

View the Local-FortiGate Policy Package

Now that you have imported policy and dependent objects for Local-FortiGate, you will view the policy package
created for Local-FortiGate.

To view the Local-FortiGate policy package


1. Continuing on the FortiManager GUI, click Device Manager, and then click Policy & Objects.

You will notice that a policy package named Local-FortiGate_root was created when you imported firewall
policies from your Local-FortiGate.

2. On the left, click Object Configurations.

3. Click Normalized Interface.


4. In the search field, type port1.

5. Select port1, and then click Edit.


6. Scroll down to the Per-Device Mapping section to view the ADOM interface mapping to device-level mappings,
which were created when the device was added.
These interfaces are used in policy packages to map firewall policies to interfaces on the firewall.

7. Click Cancel.
8. Clear port1 from the search field.
9. Repeat the previous steps to view the port3 interface mapping.

Import System Template Settings From FortiGate

Now that you have added Local-FortiGate to FortiManager, you will import NTP server settings from Local-
FortiGate. These server settings can be used by multiple FortiGate devices using this system template.

To import system template settings from FortiGate


1. Continuing on the FortiManager GUI, click Policy & Objects, and then select Device Manager.

2. Click Provisioning Templates.

3. Click System Templates.


4. Select the default checkbox, and then click Edit.

5. Click Toggle Widgets, and then select the NTP Server checkbox.

6. Click Import.

7. In the Import from Device field, select Local-FortiGate.

8. Click OK.
9. Click Apply.

Add Remote-FortiGate Using the Add Device Wizard

You will add Remote-FortiGate to FortiManager in My_ADOM using the Add Device Wizard. You will import the
policies and objects for Remote-FortiGate later.

To add Remote-FortiGate using the Add Device wizard


1. Continuing on the FortiManager GUI, click Device & Groups.

2. Click Add Device.

3. In the Add Device wizard, select Discover Device, and then configure the following settings:

Field                      Value
IP Address                 10.200.3.1 (This is the IP address of port4 on FortiGate.)
Use legacy device login    Enable
Username                   admin
Password                   password

4. Click Next.
5. Click Next.
6. Click Import Later.

The Remote-FortiGate device should now be listed on the Device Manager page.

Assign the System Template to Local-FortiGate and Remote-FortiGate

You will assign the default system template to Local-FortiGate and Remote-FortiGate to apply system settings.

To assign the system template to Local-FortiGate and Remote-FortiGate


1. Continuing on the FortiManager GUI, click Device & Groups.
2. Click Local-FortiGate.

3. In the Configuration and Installation widget, click Provisioning Templates.

4. In the Assign Provisioning Templates window, in the System Template field, select default.

5. Click OK.
You should see the following configuration:

6. Repeat steps 1 to 5 for Remote-FortiGate.


The Provisioning Templates column displays default for both Local-FortiGate and Remote-FortiGate.

Stop and think!

Why is the Policy Package Status for Remote-FortiGate Never Installed?

When you select Import Later in the Add Device wizard, or add an unregistered device to FortiManager,
the policy package status is Never Installed because there is still no policy package created for the newly
added FortiGate.

You will run the Import Policy wizard later.

If you add an unregistered device, you must run the Import Policy wizard to import the device’s firewall
policy into a new policy package.

Lab 4: Device-Level Configuration and Installation

In this lab, you will explore common operations that you can perform using the device manager, such as
configuring device-level changes, checking the statuses of managed devices, installing configuration changes,
and keeping the managed devices in sync with the device database on FortiManager.

Objectives
• Understand the statuses of managed devices on FortiManager
• Use the status information in the Configuration and Installation Status widget
• Make and install configuration changes using the device manager
• Make configuration changes locally on FortiGate, and then verify that FortiManager automatically retrieved the
changes
• Identify entries in the revision history and the management actions that created the new revisions
• Install a large number of managed device changes using scripts

Time to Complete
Estimated: 45 minutes

Exercise 1: Understanding the Statuses of Managed Devices

In this exercise, you will check and learn about the statuses of FortiGate devices on FortiManager. Depending on
the configuration changes, a FortiGate can have a different Sync Status and Device Settings Status.
• The Sync Status indicates whether the FortiGate configuration matches the latest revision history.
• The Device Settings Status indicates whether the FortiGate configuration stored in the device-level database
matches the latest running revision history.
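
The two comparisons defined above can be modelled as a small drift check. This is an added example, not Fortinet code and not part of the original lab guide: the sample configurations are constructed, and the labels "out of sync" and "Unmodified" are this example's own names for the states the guide does not name.

```python
import difflib
import hashlib

# Constructed sample configurations in FortiOS CLI style (not taken from the lab devices).
BASE = """\
#config-version=constructed-sample
config system global
    set hostname "Local-FortiGate"
end
"""

# Log settings that mirror the system template in this guide: send logs to the
# FortiAnalyzer at 10.0.1.210 in real time, with reliable logging enabled.
LOG_TEMPLATE = """\
config log fortianalyzer setting
    set status enable
    set server "10.0.1.210"
    set upload-option realtime
    set reliable enable
end
"""


def normalize(config_text):
    """Keep meaningful lines only: drop blank lines, '#' comment lines and indentation."""
    lines = (raw.strip() for raw in config_text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def fingerprint(config_text):
    """SHA-256 over the normalized lines, so cosmetic differences do not count as drift."""
    joined = "\n".join(normalize(config_text))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def classify(device_db, latest_revision, running_config):
    """Return (sync_status, device_settings_status).

    sync_status compares the configuration running on FortiGate with the latest revision.
    device_settings_status compares the device-level database with the latest revision.
    """
    latest = fingerprint(latest_revision)
    sync = "in sync" if fingerprint(running_config) == latest else "out of sync"
    settings = "Unmodified" if fingerprint(device_db) == latest else "Modified"
    return sync, settings


def changed_lines(old, new):
    """List the normalized lines removed ('-') or added ('+') between two configurations."""
    a, b = normalize(old), normalize(new)
    result = []
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            result += ["-" + line for line in a[i1:i2]]
        if tag in ("insert", "replace"):
            result += ["+" + line for line in b[j1:j2]]
    return result


def demo():
    """Walk through three states a managed device passes through in these labs."""
    installed = BASE + LOG_TEMPLATE
    # Assumed scenario: someone edits the hostname directly on the FortiGate and
    # FortiManager has not retrieved the change yet.
    local_edit = installed.replace('"Local-FortiGate"', '"Changed-Locally"')
    return {
        # Template assigned on FortiManager but not installed yet.
        "template_assigned": classify(BASE + LOG_TEMPLATE, BASE, BASE),
        # Template installed: all three copies agree.
        "installed": classify(installed, installed, installed),
        # Direct change on the device that is not in the revision history.
        "local_change": classify(installed, installed, local_edit),
        "pending_install": changed_lines(BASE, BASE + LOG_TEMPLATE),
        "unmanaged_drift": changed_lines(installed, local_edit),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
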

To check the status of a managed device


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.

Stop and think!

Why does the Config Status field for the FortiGate devices show the status Modified?

In the previous exercise, you applied system templates to both FortiGate devices. The configuration running
on the FortiManager device-level database is different from the latest revision history. This changes the
Config Status to Modified. The provisioning template changes must be installed on the FortiGate devices
to return the devices to the synchronized state.

4. Click Local-FortiGate.

5. In the Configuration and Installation widget, check the Config Status field—it should be Modified.

6. On the Local-Client VM, open PuTTY, and then connect over SSH to the FortiManager saved session.
7. Log in with the username admin and password password.
8. Enter the following command to display the device statuses on the CLI:
diagnose dvm device list

Stop and think!

If the Config Status is Modified, why is the FortiGate conf still showing as in sync?

The Device Settings Status is the status between the device-level database configuration and the latest
revision history. Applying system templates changes the device-level database configuration, so it enters
the Modified state. You can see these details when you run the diagnose dvm device list
command.

The conf field on the CLI shows the status between the latest revision history and the actual FortiGate
configuration. Because the latest revision history is the same as the FortiGate configuration, the conf field
shows the in sync state.

The output also shows the serial number of the device, the connecting IP address of the device, the firmware
version, the name of the device on FortiManager, and the ADOM that the device is added to.

9. Examine the STATUS row of the diagnose dvm device list output for Local-FortiGate and Remote-
FortiGate.


| Data | What it means | Actions to take |
|---|---|---|
| dev-db: not modified, template: [modified] default | Device-level configuration changes were made on FortiManager. Note: On the GUI, the Config Status appears as Modified. However, the CLI shows separate statuses for dev-db and template. | The FortiManager administrator can install configuration changes to the managed device to return it to an unmodified state. |
| conf: in sync | The latest revision history is in sync with the FortiGate configuration. | |
| cond: pending | Configuration changes must be installed. | The FortiManager administrator can install configuration changes on the managed device to return it to an unmodified state. |
| conn: up | The FGFM tunnel between FortiManager and FortiGate is open. | |

10. Close the PuTTY session.

Exercise 2: Installing System Template Changes on
Managed Devices

In the previous lab, you added FortiGate devices to FortiManager and applied system templates.

In this exercise, you will install system template changes on both FortiGate devices, and then view those changes
locally, by logging in to each FortiGate.

Install System Templates

You will install the default system template changes to Local-FortiGate and Remote-FortiGate using the Install
Wizard.

To install system templates


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager > Managed FortiGate.
4. Click Install > Install Wizard.

5. In the Install Wizard, make sure Install Device Settings (only) is selected, and then click Next.

6. On the Device Settings page, ensure that both FortiGate devices are selected.

7. Click Next.
8. Click Install Preview.

This shows you the changes that will be applied to all selected FortiGate devices.

9. On the Install Preview page, click Close.


Optionally, you can select Install Preview for Remote-FortiGate.

10. Make sure that both FortiGate devices are selected.

11. Click Install.


12. Once the installation is successful, select Local-FortiGate, and then click View Installation Log.

This is the installation log that shows exactly what is installed on the managed device.

The following image is an example log for Local-FortiGate:

13. Click Close.


14. Click Finish.

Check the Status of the Managed Device

You will check the status of the managed device after the installation.

To check the status of the managed device
1. Continuing on the FortiManager GUI, review the Config Status.
It should now appear as Synchronized.

2. Click Local-FortiGate.

3. Under Configuration and Installation status, you should see that the Config Status is in the Synchronized
state.

4. Open PuTTY, and then connect over SSH to the FortiManager saved session.
5. Log in with the username admin and password password.
6. Enter the following command to display device statuses on the CLI:
diagnose dvm device list
You should see the following in the output for Local-FortiGate and Remote-FortiGate:

The dev-db status is not modified, which means that the FortiGate device-level database
configuration matches the latest running revision history. The dm: installed field means that the
installation was performed on FortiManager.

7. Enter the following command to display the FGFM tunnel statuses:


diagnose fgfm session-list

You can use this command to view the connecting IP address of managed devices, the link-level address that
FortiManager assigns, and the uptime of the FGFM tunnel between FortiGate and FortiManager.

8. Close the PuTTY session.
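
The STATUS fields examined in Exercise 1 and again after this installation can be checked for many devices at once. The following Python is an added example, not part of the lab guide or of any Fortinet tool; the sample output is constructed, and its column layout, serial numbers, IP addresses, and the `cond: OK` value are assumptions.

```python
# Constructed sample shaped after the STATUS row this lab examines.
# The first device is in the state shown in Exercise 1 (template applied,
# not installed); the second is in the state after a successful install.
SAMPLE_OUTPUT = """\
TYPE            OID  SN              HA  IP          NAME              ADOM
fmg/faz enabled 157  FGVM0000000001  -   10.200.1.1  Local-FortiGate   My_ADOM
      |- STATUS: dev-db: not modified; template: [modified] default; conf: in sync; cond: pending; conn: up
fmg/faz enabled 163  FGVM0000000002  -   10.200.3.1  Remote-FortiGate  My_ADOM
      |- STATUS: dev-db: not modified; conf: in sync; cond: OK; dm: installed; conn: up
"""


def parse_status_rows(text):
    """Return [(device_line, {field: value})] for every STATUS row.

    Fields are split on ';' and on the first ':' only, so values such as
    'in sync' or '[modified] default' are kept whole.
    """
    rows, device_line = [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if "STATUS:" in stripped:
            body = stripped.split("STATUS:", 1)[1]
            fields = {}
            for part in body.split(";"):
                key, sep, value = part.partition(":")
                if sep:
                    fields[key.strip()] = value.strip()
            rows.append((device_line, fields))
        elif stripped and not stripped.startswith("|-"):
            # Remember the most recent device line; it owns the next STATUS row.
            device_line = stripped
    return rows


def assess(fields):
    """Map STATUS fields to the conditions described in the lab's table."""
    findings = []
    template_modified = fields.get("template", "").startswith("[modified]")
    if fields.get("dev-db") == "modified" or template_modified:
        findings.append("device-level changes on FortiManager not yet installed")
    if fields.get("cond") == "pending":
        findings.append("installation pending")
    if fields.get("conf") != "in sync":
        findings.append("latest revision differs from FortiGate configuration")
    if fields.get("conn") != "up":
        findings.append("FGFM tunnel not up")
    return findings


def report(text, device_names):
    """Return {device_name: [findings]} for the named managed devices."""
    result = {}
    for device_line, fields in parse_status_rows(text):
        tokens = device_line.split()
        for name in device_names:
            if name in tokens:
                result[name] = assess(fields)
    return result


if __name__ == "__main__":
    for name, findings in report(
        SAMPLE_OUTPUT, ["Local-FortiGate", "Remote-FortiGate"]
    ).items():
        print(name, "->", findings or "synchronized")
```
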

View the Pushed Configuration on FortiGate

Using FortiManager, you installed the system template configuration on both FortiGate devices. Now, you will log
in to the Local-FortiGate and Remote-FortiGate GUIs to view the configuration that was installed using
FortiManager.

To view the pushed configuration on the Local-FortiGate GUI


1. Log in to the Local-FortiGate GUI with the username admin and password password.
2. Click Login Read-Only.

When you connect locally to a device that FortiManager is managing, a warning message appears because the device is centrally managed. Do not use the read-write option locally on FortiGate unless it is absolutely necessary. An example might be that a FortiManager administrator is unavailable to make configuration changes and installations to manage FortiGate devices.

3. Click Log & Report > Log Settings.


You will notice that the Remote Logging and Archiving settings are the same as the default system
template entries.

4. Log out of the Local-FortiGate GUI.

Exercise 3: Viewing the Auto Update Status and Revision
History

By default, configuration changes made directly on FortiGate are automatically updated (retrieved) by
FortiManager, and are reflected in the revision history. If required, you can disable the automatic update behavior
on the FortiManager CLI under config system admin settings. This allows the FortiManager
administrator to accept or reject the configuration changes.

In this exercise, you will make configuration changes directly on the FortiGate devices, and then verify that
FortiManager automatically retrieved the configuration changes.

You will also review the configuration revision history of each FortiGate, which is created by auto update and other
actions.

Make Direct Changes on Local-FortiGate

You will make direct changes on Local-FortiGate.

To make direct changes on Local-FortiGate


1. Log in to the Local-FortiGate GUI with the username admin and password password.
2. Click Login Read-Write.

When you connect locally to a device that FortiManager is managing, a warning message appears because the device is centrally managed. Do not use the read-write option locally on FortiGate unless it is absolutely necessary. An example might be that a FortiManager administrator is unavailable to make configuration changes and installations to manage FortiGate devices.

3. Click Yes.
4. Click Log & Report > Log Settings.
5. Disable Enable Local Reports.

6. Click Apply.
7. Log out of the Local-FortiGate GUI.

Make Direct Changes on Remote-FortiGate

You will make direct changes on Remote-FortiGate. You will repeat the same steps for Remote-FortiGate that you
did for Local-FortiGate.

To make direct changes on Remote-FortiGate


1. Log in to the Remote-FortiGate GUI with the username admin and password password.
2. Click Login Read-Write.
3. Click Yes.
4. Click Log & Report > Log Settings.
5. Disable Enable Local Reports.
6. Click Apply.
7. Log out of the Remote-FortiGate GUI.

View the Auto Update Status and Revision History

Now that you have made the configuration changes locally on both FortiGate devices, you will view the auto
update status on FortiManager, and view the configuration revision history entries that FortiManager created.

To view the auto update status


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.
You will notice that the Config Status is now in the Auto-update state for both FortiGate devices.

This confirms that the changes you made locally were backed up to FortiManager.

To view the revision history


1. Click Local-FortiGate.

2. In the Configuration and Installation widget, click the Revision History icon.

You should see three configurations (you may have more configurations if you made further changes):
• The first Installation status should be Auto Updated, indicating that these changes were made locally on FortiGate and were automatically updated on FortiManager.
• The second Installation status should be Installed, indicating that these changes were made by FortiManager on the managed device.
• The third Installation status should be Retrieved, indicating that this configuration was taken from the device running configuration, when it was added to FortiManager.

View the Installation Log

When the installation is done using FortiManager, the installation log shows the name of the administrator who
made the changes, along with the commands that FortiManager sent. If an installation fails, the installation log is
useful because it shows the commands that the managed device received and accepted, as well as the
commands that the managed device did not accept.

To view the installation log


1. Continuing on the Configuration Revision History page, in the ID column, select 2, and then click View Install
Log.

You should see the CLI commands that FortiManager sent (which are identical to the installation that you
previewed earlier) and the FortiGate response.

2. Click Close to close the View Installation Log of revision 2 window.


3. Click Close to close the Configuration Revision History window.

Exercise 4: Configuring Device-Level Changes

You can view and configure the device-level settings of the managed FortiGate in the Device Manager pane.
Most of these settings have a one-to-one correlation with the device configuration that you would see if you logged
in locally on the GUI or CLI of each FortiGate.

In this exercise, you will make configuration changes for the managed FortiGate in the Device Manager pane.

Change the Interface Settings of the Managed FortiGate

If you try to change the managed FortiGate interface that is used for communicating with FortiManager, you
receive a warning that this may disrupt the communication between FortiManager and FortiGate. If there is a
communication disruption between FortiManager and FortiGate during an installation, FortiManager attempts to
recover the connection, but this reverts the installation changes.

You will change the Administrative Access setting of the Remote-FortiGate port4 interface that is used by
Remote-FortiGate to communicate with FortiManager.

To change the interface settings of the managed FortiGate


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.
4. Click Remote-FortiGate.

5. Click System > Interface.

6. Right-click port4, and then click Edit.


7. In the Administrative Access section, select the Security Fabric Connection checkbox.
8. Click OK.
9. Click Managed FortiGate.

Stop and think!

Why is the Config Status showing the Modified (recent auto-updated) status for Remote-FortiGate?

The Modified status means that the device-level database change was made to Remote-FortiGate. You
changed the interface configuration.

The status recent auto-updated in parentheses means that the previous configuration changes were made
locally on FortiGate, and then automatically updated on FortiManager. You made changes to logging
settings locally in the previous lab.

Filter Devices Based on Status

FortiManager allows you to filter devices based on their current status. This is very helpful when you are managing
a large number of devices in the same ADOM. Based on the status, the FortiManager administrator can take
appropriate action.

You can filter device statuses based on:


• Connection
• Device configuration (device database status)

You will now filter devices based on their device configuration status.

To filter devices based on status


1. Continuing on the FortiManager GUI, click Managed FortiGate.

2. In the Device Config Status dashboard, click Modified.

Only Remote-FortiGate appears in the Managed FortiGate list.

Configure the Administrator Account

You will create a new administrator account for Local-FortiGate on FortiManager.

To configure the administrator account
1. Continuing on the FortiManager GUI, click Local-FortiGate.

2. Click Display Options.

3. Click Customize.
4. In the System category, select the Administrators checkbox.

5. Click OK.
6. Click System > Administrators.

7. Click Create New.

8. Configure the following settings:

Field Value

Admin training

Type Local User

Password fortinet

Confirm Password fortinet

Admin Profile prof_admin

Your configuration should look like the following example:

9. Keep the default values for all other settings, and then click OK.
10. Click Managed FortiGate.

You will notice that the Config Status for Local-FortiGate has changed to Modified.

This is because you made a device-level configuration change for Local-FortiGate by configuring the
administrator account.

Exercise 5: Installing Configuration Changes

You made configuration changes to the managed devices using FortiManager.


• For Remote-FortiGate, you enabled the Security Fabric connection service on port4.
• For Local-FortiGate, you configured a new administrator.

In this exercise, you will install these changes on the managed device using the Install Wizard, and then view the
installation history. You will also compare the differences in the revision history configurations using the Revision
Diff feature.

Use the Install Wizard

You will install these changes on the managed devices using the Install Wizard.

To install configuration changes on FortiGate using the Install Wizard


1. Continuing on the FortiManager GUI, click Install Wizard.

2. Select Install Device Settings (only).

3. Click Next.
4. On the Device Settings page, make sure that both FortiGate devices are selected.

5. Click Next.
6. Click Install Preview.

This shows you the changes that will be applied to the FortiGate devices.

7. On the Install Preview of Selected Devices page, click Close.
Optionally, you can also check the Install Preview for Remote-FortiGate.

8. Make sure that both FortiGate devices are selected.

9. Click Install.
10. Once the installation has completed successfully, select Local-FortiGate, and then click View Installation Log.

This is the installation log that shows exactly what is installed on the managed device.

11. On the Install Log page, click Close.


12. Click Finish.
13. Click Managed FortiGate.

The Config Status should now be in the Synchronized state.

View the Revision Differences

After every retrieve, auto update, and installation operation, FortiManager stores the FortiGate configuration
checksum output with the revision history. This is how the out-of-sync condition is calculated.

The Revision Diff is a useful feature that you can use to compare the differences between previous revisions, a
specific revision, or the factory default configuration. In terms of the output, you can choose to show full
configuration with differences, only the differences, or you can capture the differences to a script.

You will compare the differences between the latest revision and previous revision.

To view the revision differences


1. Continuing on the FortiManager GUI, click Local-FortiGate > Dashboard > Summary.

2. In the Configuration and Installation widget, click the Revision History icon.

3. In the ID column, click 4, and then click Revision Diff.

4. Select Show Diff Only.

5. Click Apply.

This shows the difference in configuration between the previous version and the current running version.

Remember, you configured the FortiAnalyzer settings for both FortiGate devices.

6. Click Close.
7. In the ID column, click 4 again, and then click Revision Diff.
8. Select Capture Diff to a Script.

9. Click Apply.
10. Click Close.

11. In the Configuration Revision History window, click Close.


12. In the Firefox window, click the download icon.
13. Right-click the filename, and then click Open Containing Folder.

14. Open the file using the default text editor.

This shows you the exact CLI syntax of the changes. You can use this script to configure other FortiGate
devices if they require the same settings using the script feature on FortiManager.

15. Close the text editor and Downloads windows.

This demonstrates capturing differences in the form of scripts. Make sure that the
script captured is valid for other FortiGate devices before using it for other FortiGate
devices. If required, you can edit the script before applying it to other FortiGate
devices.

For example, if you configured a static route along with the administrator setting, the
static route settings might not be valid for other FortiGate devices.
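
One way to run the validity check described in the note above before reusing a captured diff script, as an added example that is not part of the lab guide: it splits a FortiOS CLI script into top-level config blocks and reports sections or lines that are likely to be device-specific. The sample script, the gateway address, the list of interface settings checked, and all function names are constructed for illustration.

```python
import re

# Constructed sample of a captured diff script (FortiOS CLI syntax): the
# administrator from this lab plus a static route that is device-specific.
SAMPLE_SCRIPT = """\
config system admin
    edit "training"
        set accprofile "prof_admin"
    next
end
config router static
    edit 1
        set gateway 10.200.1.254
        set device "port1"
    next
end
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Settings that name an interface and therefore depend on the target device.
IFACE_KEYS = ("set device ", "set interface ", "set srcintf ", "set dstintf ")


def split_blocks(script):
    """Split a script into top-level 'config ... end' blocks.

    Nested config blocks stay inside their parent. Raises ValueError when
    the script is not balanced, so a truncated capture is never reused.
    """
    blocks, current, depth = [], None, 0
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            if depth == 0:
                current = {"section": line[len("config "):].strip(), "raw": []}
            depth += 1
        elif line == "end":
            if depth == 0:
                raise ValueError("'end' without a matching 'config'")
            depth -= 1
        elif current is None:
            raise ValueError("statement outside a config block: " + line)
        current["raw"].append(raw.rstrip())
        if depth == 0:
            blocks.append(current)
            current = None
    if depth != 0:
        raise ValueError("unterminated config block")
    return blocks


def review(script, shared_sections):
    """Return [(section, reason)] for content that needs a decision.

    shared_sections is the set of config paths the administrator intends
    to apply to other devices, for example {"system admin"}.
    """
    findings = []
    for block in split_blocks(script):
        section = block["section"]
        if section not in shared_sections:
            findings.append((section, "section not approved for reuse"))
            continue
        for raw in block["raw"]:
            line = raw.strip()
            if line.startswith(IFACE_KEYS):
                findings.append((section, "interface reference: " + line))
            elif IPV4.search(line):
                findings.append((section, "address literal: " + line))
    return findings


def keep_shared(script, shared_sections):
    """Return the script reduced to the approved top-level sections."""
    kept = [b for b in split_blocks(script) if b["section"] in shared_sections]
    return "\n".join("\n".join(b["raw"]) for b in kept) + ("\n" if kept else "")


if __name__ == "__main__":
    for section, reason in review(SAMPLE_SCRIPT, {"system admin"}):
        print(section, "->", reason)
    print(keep_shared(SAMPLE_SCRIPT, {"system admin"}), end="")
```
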

Exercise 6: Using Scripts

A script can make many changes to a managed device and is useful for making bulk configuration changes and
ensuring consistency across multiple managed devices. You can configure and install scripts from FortiManager
to managed devices.

Scripts can be run on:


• Device database (default)
• Policy package
• ADOM database
• Remote FortiGate directly (using the CLI)

You must perform an installation if you run a script on a device database, policy package, or ADOM database.

In this exercise, you will make configuration changes using the script feature, and then install the changes on the
managed devices.

Configure Scripts

You will configure scripts for the managed devices.

To configure scripts
1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.
4. Click Scripts.

5. Click More, and then click Import CLI Script.

6. Click Add Files.

7. Click Desktop > Resources > FortiManager > Device-Config, and then select Local-Script.
8. Click Open, keep the default values for all other settings, and then click Import.

9. Click Close.
10. Click Import CLI Script again.

11. Click Add Files.


12. Click Desktop > Resources > FortiManager > Device-Config, and then select Remote-Script.
13. Click Open, keep the default values for all other settings, and then click Import.
14. Click Close.

Run and Install Scripts

Because the scripts target the device database, you will first run the scripts against the device database, and then
install the scripts on the managed devices.

To run scripts
1. Continuing on the FortiManager GUI, select the Local-Script checkbox, and then click Run Script.

2. Select and add Local-FortiGate to the Selected Entries list.

3. Click Run Now.


4. Click OK.
5. Click View Details, and then click the View Script Executing History icon.
Scroll to the bottom of the script execution window to check that the script ran successfully on the device
database.

If required, you can also view the script execution history later in the Configuration
and Installation Status widget or in the Task Monitor.

6. Click Close.
7. Click Close.
8. Clear the Local-Script checkbox, select the Remote-Script checkbox, and then click Run Script.
9. Select and add Remote-FortiGate to the Selected Entries list.
10. Click Run Now.
11. Click OK.
12. Click Close.

To install scripts
1. Continuing on the FortiManager GUI, click Device & Groups > Managed FortiGate.

Stop and think!

Why is the Config Status showing Modified for both FortiGate devices? If you do not see the Modified
status, refresh the page a few times.

Why is the Policy Package Status for Local-FortiGate showing Out of Sync, but the Policy Package
Status for Remote-FortiGate remains unchanged as Never Installed?

The scripts contain configuration changes related to device-level settings and policies.

The Config Status is Modified for both FortiGate devices because of device-level changes.

Because the Local-FortiGate policy package was imported when you added FortiGate, FortiManager
detects policy-level changes, and marks the Local-FortiGate Policy Package Status as Out of Sync.

For Remote-FortiGate, the policy package was never imported, and therefore FortiManager cannot
compare the differences in the policies.

2. Select Local-FortiGate and Remote-FortiGate, click Install, and then click Quick Install.

3. Click OK.
The installation is successful on both FortiGate devices.

The Quick Install option does not provide an option for installation preview and
installation log. You should use it only if you are absolutely sure about the changes you
are trying to install.

4. Click Finish.

Lab 5: Policies and Objects

In this lab, you will explore the common operations of the Policy & Objects pane, which you can use to centrally
manage FortiGate firewall policies and manage shared and dynamic objects.

Objectives
• Import firewall policies and objects from a managed device, and then review the imported policy packages
• Create ADOM revisions
• Create a policy package that is shared across multiple devices
• Create shared objects and dynamic objects with mapping rules
• Identify the different policy and object interface mapping types, and configure zone mappings
• Install a policy package and device settings on the Policy & Objects pane

Time to Complete
Estimated: 55 minutes

Exercise 1: Importing Policies

In the previous lab, you installed scripts that contained device-level and policy configuration changes. Because
you ran the scripts on a device database that created the revision history containing these changes, the policy
packages are not automatically updated, and you must import them manually.

In this exercise, you will import the policies using the Import Policy wizard, which will update the policy packages
to reflect the configuration changes.

Additionally, you will create an ADOM revision, which is a snapshot of all the policy and object configurations for
an ADOM.

Import Policies

You will import policies and objects for both of the managed FortiGate devices.

To import policies
1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Device Manager.
4. Right-click Local-FortiGate, and then click Import Configuration.

5. Select Import Policy Package.


6. Click Next.
7. In the Policy Package Name field, type Local-FortiGate-1 to change the name.

8. In the Object Selection field, select Import all objects.
9. In the port2 row, select Per-Device, and then ensure that the other two ports are also set to Per-Device.

10. Click Next.


11. On the conflict page, click Next.
Review the objects that will be imported.

12. Click Next.


13. Click Finish.

Download Import Report is available only on this page—make sure that you
download the import report before you click Finish.

14. Right-click Remote-FortiGate, and then click Import Configuration.


15. Select Import Policy Package.
16. Click Next.
17. In the Mapping Type column, select Per-Device for all three ports.

18. Click Next.


19. Click Next until you reach the Finish page.
20. Click Finish.
21. Click Device Manager, and then click Policy & Objects.

22. Click Policy Packages.


23. Click Firewall Policy for each policy package to compare the policies in the Local-FortiGate_root and Local-
FortiGate-1 policy packages.
The following image shows the policy package for Local-FortiGate_root:

The following image shows the policy package for Local-FortiGate-1:

Create ADOM Revisions

An ADOM revision creates a snapshot of the policy and object configuration for the ADOM. Now that you have
imported policies and objects from both FortiGate devices, you will create ADOM revisions that are stored locally
on FortiManager, and are useful for comparing the differences between two revisions or reverting to a previous
revision.

To create an ADOM revision


1. Continuing on the FortiManager GUI, click ADOM Revisions.

2. Click Create New, and then in the Name field, type Initial revision.
3. Select Lock this revision from auto deletion.

4. Click OK.
You can see the lock icon, the name of the administrator who created the revision, and the date and time.

5. Click Close.

Exercise 2: Creating a Common Policy for Multiple
Devices

You will create a single policy package that can be shared by multiple devices, as opposed to having a policy
package for each device, which is the current configuration. You will use the installation target setting in a firewall
policy to target specific policies to specific FortiGate devices.

Create Dynamic Mappings for Address Objects

You will configure dynamic mappings for objects that are used to map a single logical object to a unique definition
for each device.

To create dynamic mappings for address objects


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click My_ADOM.
3. Click Policy & Objects.
4. Click Object Configurations.

5. Click Firewall Objects > Addresses.


6. Click Create New > Address.
7. Configure the following settings:

Field Value

Name Internal

Type Subnet

IP/Netmask 10.0.0.0/8

8. In the Per-Device Mapping section, configure the following settings:
a. Expand Per-Device Mapping.
b. Click Create New.

c. In the Mapped Device field, select Local-FortiGate.


d. In the IP/NetMask field, type 10.0.1.0/24.
e. Click OK.

f. Click Create New again.


g. In the Mapped Device field, select Remote-FortiGate.


h. In the IP/NetMask field, type 10.0.2.0/24.
i. Click OK.

Your configuration should look like the following example:


9. In the Change Note field, type some text.


10. Click OK.

Create Dynamic Mappings for Interfaces and Device Zones

You will create dynamic mappings for interfaces and device zones.

To create dynamic mappings for interfaces


1. Continuing on the FortiManager GUI, click Normalized Interface.

2. In the search field, type port3.

3. Right-click port3, and then select Edit.

4. In the Per-Device Mapping section, in the Mapped Device column, select Local-FortiGate(root), and then click
Delete.
5. In the Change Note field, type some text.
6. Click OK.
7. In the search field, type port6.
8. Right-click port6, and then select Edit.
9. In the Per-Device Mapping section, in the Mapped Device column, select Remote-FortiGate(root), and then
click Delete.

10. In the Change Note field, type some text.


11. Click OK.

You must delete the Per-Device Mapping. This is because interfaces were
dynamically mapped when the devices were added to FortiManager. After deleting the
previous mapping, you can then add these interfaces to map to newly created
normalized interfaces.

12. Click Create New.


13. In the Name field, type Inside.
14. In the Per-Device Mapping section, click Create New, and then configure the following settings:

a. In the Mapped Device field, select Local-FortiGate.
b. In the Mapped Interface Name field, select port3.
c. Click OK.

d. Click Create New again.


e. In the Mapped Device field, select Remote-FortiGate.
f. In the Mapped Interface Name field, select port6.
g. Click OK.
Your configuration should look like the following example:

15. In the Change Note field, type some text.


16. Click OK.

Import and Install a CLI Script to Delete Policies

You will import and install a script on the policy package to delete policies.

To import and install a CLI script


1. Continuing on the FortiManager GUI, click Policy & Objects > Device Manager.
2. Click Scripts.

3. Click Import CLI Script.

4. Click Add Files.

5. Click Desktop > Resources > FortiManager > Policy, and then select Local-Policy-Script.
6. Click Open, and then in the Run Script on field, select Policy Package or ADOM Database.
7. Click Import.


8. Click Close.
9. Click Import CLI Script again.

10. Click Add Files.


11. Click Desktop > Resources > FortiManager > Policy, and then select Remote-Policy-Script.
12. Click Open, and then in the Run Script on field, select Policy Package or ADOM Database.
13. Click Import.
14. Click Close.

Run and Install the Scripts

Because the scripts are targeting the policy package, you will first run the scripts against the policy package, and
then install the scripts on the managed devices.

To run the scripts


1. Continuing on the FortiManager GUI, select the Local-Policy-Script checkbox, and then click Run Script.

2. In the Run script on policy package field, select Local-FortiGate-1.


3. Click Run Now.


4. Click View Details, and then click the View Script Execution History icon.
5. Scroll to the bottom of the script execution window to check that the script ran successfully on the policy package.

If needed, you can also view the script execution history later in the Configuration
and Installation Status widget or in the Task Monitor.

6. Click Close.
7. Click Close.
8. Clear the Local-Policy-Script checkbox, select the Remote-Policy-Script checkbox, and then click Run Script.
9. In the Run script on policy package field, select Remote-FortiGate.


10. Click Run Now.


11. Click Close.

To install configuration
1. Continuing on the FortiManager GUI, click Device & Groups > Managed FortiGate.
2. Click Install, and then click Install Wizard.
3. Select Install Policy Package & Device Settings, and then in the Policy Package field, select Local-FortiGate-1.
4. Click Next.
5. Make sure that Local-FortiGate is selected, and then click Next.
6. Select Local-FortiGate, and then click Install.

7. Click Finish.
8. Click Install, and then click Install Wizard.
9. Select Install Policy Package & Device Settings, and then in the Policy Package field, select Remote-FortiGate.
10. Click Next.
11. Make sure that Remote-FortiGate is selected, and then click Next.
12. Select Remote-FortiGate, and then click Install.
13. Click Finish.

To view configuration changes locally on FortiGate


1. Log in to the Local-FortiGate GUI with the username admin and password password.
2. Click Login Read-Only.

3. Click Policy & Objects > Firewall Policy.
You should see only the Implicit Deny policy.

4. Log out of the Local-FortiGate GUI.


5. Log in to the Remote-FortiGate GUI with the username admin and password password.
6. Click Login Read-Only.
7. Click Policy & Objects > Firewall Policy.
You should see only the Implicit Deny policy.

8. Log out of the Remote-FortiGate GUI.

Stop and think!

Why did you delete the policies on the FortiGate devices?

This is because external ports in the configuration were already being used by the policies. You cannot add
interfaces to the zone that are already being used by the policies on the FortiGate.

You must update the policy packages on the devices before you add interfaces to the device zone.

To create dynamic mappings for device zones


1. Continuing on the FortiManager GUI, click Device & Groups > Managed FortiGate.
2. Click Local-FortiGate, and then click System > Interface.

When you create a device zone, map the zone to a physical interface. To use the zone
in a policy, you must also map the zone to a normalized interface.

3. Click Create New > Device Zone.


4. In the Zone Name field, type Outside.
5. Configure the following:

a. In the Interface Member field, select port1 and port2.
b. Enable Block intra-zone traffic.
c. Click OK.

6. Click Remote-FortiGate.
7. Click System > Interface.
8. Click Create New > Device Zone again.
9. In the Zone Name field, type Outside.
10. Configure the following:
a. In the Interface Member field, select port4 and port5.
b. Enable Block intra-zone traffic.
c. Click OK.

11. Click Device Manager > Policy & Objects.


12. Click Object Configurations and then click Normalized Interface.
13. Click Create New.
14. In the Name field, type Outside.
15. In the Per-Device Mapping section, click Create New and then configure the following settings:
a. In the Mapped Device field, select Local-FortiGate.
b. In the Mapped Interface Name field, select Outside.
c. Click OK.
16. Click Create New again.
17. In the Per-Device Mapping section, configure the following settings:
a. In the Mapped Device field, select Remote-FortiGate.
b. In the Mapped Interface Name field, select Outside.

c. Click OK.
Your configuration should look like the following example:

18. In the Change Note field, add any notes.


19. Click OK.
You have now created a dynamic interface and device zones.

Create a Common Policy Package, an Installation Target, and Use Install On

You can use FortiManager to target a common policy package to multiple devices. When you configure an
installation target, by default, all policies in the policy package are targeted to all selected FortiGate devices. You
can further restrict the policies in the policy package to be targeted to specific FortiGate devices by using the
Install On feature, which targets specific policies in the policy package to selected FortiGate devices in the Install
On column.

To create a common policy package


1. Continuing on the FortiManager GUI, click Policy Package > New.


2. Name the new policy package Training, and then click OK.

To configure an installation target and use Install On


1. Continuing on the FortiManager GUI, click Installation Targets for the Training policy package.
2. Click Edit.


3. Select Local-FortiGate and Remote-FortiGate, and then add them to the Selected Entries section.
4. Click OK.
The Policy Package Status column shows the name of the currently active policy packages for these
FortiGate devices.

5. Click Firewall Policy for the Training policy package.


6. Click Create New.


7. Configure the following settings:

Field                       Value
Name                        For_Local
Incoming Interface          Inside
Outgoing Interface          Outside
IPv4 Source Address         Internal
IPv4 Destination Address    all
Service                     HTTP, HTTPS, ALL_ICMP
Schedule                    always
Action                      Accept
NAT                         Select the checkbox.
Change Note                 New firewall policy

8. Click OK.
9. Click Create New to create a second policy, and then configure the following settings:

When you create the second policy, if you do not see all of the interfaces, make sure
that you clear the interface filter when you select the interfaces.

Field                       Value
Name                        For_All
Incoming Interface          Inside
Outgoing Interface          Outside
IPv4 Source Address         Internal
IPv4 Destination Address    all
Service                     SSH, DNS
Schedule                    always
Action                      Accept
NAT                         Select the checkbox.
Change Note                 Policy 2

10. Click OK.


Your configuration should look like the following example:

11. Click the column settings icon, and then make sure that the Install On checkbox is selected. You need to scroll to the right to find the Install On column.

Once the Install On column is added, you can drag the column to where you want it positioned in the column
list.

12. For the For_Local policy, click Installation Targets.


13. Select Local-FortiGate.
14. Click OK.

Your policies should look similar to the following example:

To install a policy package


1. Return to Policy Packages, click Training > Firewall Policy, and then click Install Wizard.

2. Make sure the following settings are selected:


• Install Policy Package & Device Settings
• Policy Package: Training
3. Select the Create ADOM Revision checkbox, and then leave the Revision Name field at the default value.


4. Click Next.
5. Select both of the FortiGate devices.
6. Click Next.
If you hover over the Status column of the FortiGate devices, the name of the previous policy package is
displayed.

Optionally, you can preview the changes before you install them.

7. Make sure that both of the FortiGate devices are selected, and then click Install.
8. After the installation is successful, you can click View Installation Log to see the installation history for each
FortiGate.


9. In the Install Log window, click Close.


10. Click Finish.

To view configuration changes locally on FortiGate


1. Log in to the Local-FortiGate GUI with the username admin and password password.
2. Click Login Read-Only.
3. Click Policy & Objects > Firewall Policy, and then select the By Sequence view.
You should see the following:
• There are two firewall policies that are based on the Training policy package.
• The Inside interface is translated to port3 locally on FortiGate and the Outside zone is created locally on FortiGate, according to the dynamic mapping of interfaces and zones.

4. Click Addresses.
Internal is translated to 10.0.1.0/24, according to the dynamic mapping of address objects.

5. Click Network > Interfaces.


An Outside zone is created with port1 and port2 interfaces, according to the dynamic mapping of interfaces
and zones.

6. Log out of the Local-FortiGate GUI.


7. Log in to the Remote-FortiGate GUI with the username admin and password password.
8. Click Login Read-Only.
9. Click Policy & Objects > Firewall Policy.
10. You should see the following:
• There is only one firewall policy that is based on the Training policy package Install On targets.
• The Inside interface is translated to port6 locally on FortiGate and the Outside zone is created locally on FortiGate, according to the dynamic mapping of interfaces and zones.

Optionally, you can check the interface and zone under Network, and the Internal address object under
Addresses.
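
The per-device results checked in this procedure, modeled in Python as an added example (it is not Fortinet code and not part of the lab). The objects, mappings and policies are the values configured in this exercise; the data layout and function names are assumptions made for the model.

```python
from ipaddress import ip_network

# Installation targets of the Training policy package (from the lab steps).
INSTALLATION_TARGETS = ["Local-FortiGate", "Remote-FortiGate"]

# Address objects: a default value plus optional per-device mappings.
ADDRESSES = {
    "Internal": {
        "default": "10.0.0.0/8",
        "per_device": {
            "Local-FortiGate": "10.0.1.0/24",
            "Remote-FortiGate": "10.0.2.0/24",
        },
    },
    # Default FortiGate "all" object; it has no per-device mapping.
    "all": {"default": "0.0.0.0/0", "per_device": {}},
}

# Normalized interfaces: logical name -> device -> local interface or zone.
NORMALIZED_INTERFACES = {
    "Inside": {"Local-FortiGate": "port3", "Remote-FortiGate": "port6"},
    "Outside": {"Local-FortiGate": "Outside", "Remote-FortiGate": "Outside"},
}

# Device zones created at the device level: device -> zone -> member ports.
DEVICE_ZONES = {
    "Local-FortiGate": {"Outside": ["port1", "port2"]},
    "Remote-FortiGate": {"Outside": ["port4", "port5"]},
}

# Policies of the Training package. An empty install_on list means
# "all installation targets", which is the default the lab describes.
TRAINING = [
    {"name": "For_Local", "srcintf": "Inside", "dstintf": "Outside",
     "srcaddr": "Internal", "dstaddr": "all",
     "service": ["HTTP", "HTTPS", "ALL_ICMP"], "action": "accept",
     "install_on": ["Local-FortiGate"]},
    {"name": "For_All", "srcintf": "Inside", "dstintf": "Outside",
     "srcaddr": "Internal", "dstaddr": "all",
     "service": ["SSH", "DNS"], "action": "accept",
     "install_on": []},
]


class MappingError(LookupError):
    """A normalized interface has no per-device mapping for the device."""


def resolve_address(name, device):
    """Return the subnet a device receives: its mapping, else the default."""
    obj = ADDRESSES[name]
    value = obj["per_device"].get(device, obj["default"])
    return str(ip_network(value))  # ip_network() also validates the subnet


def resolve_interface(name, device):
    """Translate a normalized interface to the device's interface or zone."""
    try:
        local = NORMALIZED_INTERFACES[name][device]
    except KeyError:
        raise MappingError(f"{name} is not mapped on {device}") from None
    members = DEVICE_ZONES.get(device, {}).get(local, [local])
    return {"name": local, "members": members}


def render_package(device, package=TRAINING, targets=INSTALLATION_TARGETS):
    """Return the policies one device receives, with objects resolved."""
    if device not in targets:
        raise ValueError(f"{device} is not an installation target")
    rendered = []
    for policy in package:
        if device not in (policy["install_on"] or targets):
            continue  # Install On restricts this policy to other devices
        rendered.append({
            "name": policy["name"],
            "srcintf": resolve_interface(policy["srcintf"], device),
            "dstintf": resolve_interface(policy["dstintf"], device),
            "srcaddr": resolve_address(policy["srcaddr"], device),
            "dstaddr": resolve_address(policy["dstaddr"], device),
            "service": policy["service"],
            "action": policy["action"],
        })
    return rendered


def default_fallbacks(package=TRAINING, targets=INSTALLATION_TARGETS):
    """List (device, address) pairs where a dynamically mapped address
    would resolve to its broad default because the device has no mapping."""
    hits = set()
    for policy in package:
        for device in (policy["install_on"] or targets):
            for key in ("srcaddr", "dstaddr"):
                mappings = ADDRESSES[policy[key]]["per_device"]
                if mappings and device not in mappings:
                    hits.add((device, policy[key]))
    return sorted(hits)


if __name__ == "__main__":
    for dev in INSTALLATION_TARGETS:
        for p in render_package(dev):
            print(dev, p["name"], p["srcintf"]["name"], "->",
                  p["dstintf"]["members"], "src", p["srcaddr"])
```

With the lab's configuration, default_fallbacks() returns an empty list; a target added later without a mapping for Internal would show up there, because it would receive the default 10.0.0.0/8 as the policy source.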

To review ADOM revisions


1. Return to the FortiManager GUI, and then click ADOM Revisions.

2. Right-click the Training revision, and then click Lock Revision.


3. Right-click Initial revision, and then click Delete.
4. Click OK.
5. Click Close.

You can use this revision to revert changes made to your policy packages and objects
in your ADOM. Remember, this does not revert settings at the Device Manager level.

Lab 6: Global ADOM Policy Configuration

In this lab, you will enable and configure a global header policy.

Header and footer policies are used to envelop policies within each ADOM. These are typically invisible to users
and devices in the ADOM layer. An example of where this is used is in a carrier environment, where the carrier
allows customer traffic to pass through their network but does not allow the customer to have access to the
carrier’s network assets.

Objectives
• Create a global header policy
• Assign the policy to an ADOM
• Install the policy on devices

Time to Complete
Estimated: 15 minutes

Exercise 1: Creating and Assigning Header Policies in the Global ADOM

Header and footer policies are used to envelop the policies in each ADOM. You can create the header and footer
policies once in the global ADOM, and then assign them to multiple policy packages in other ADOMs.

In this exercise, you will create the header policy in the global ADOM, and then assign the header policy to the
managed devices in My_ADOM. Next, you will install the header policy on the managed devices.

To create a header policy


1. Log in to the FortiManager GUI with the username admin and password password.
2. Select the Global Database ADOM.

3. Click Firewall Header Policy.

4. Click Create New.


5. Configure the following settings:

Field                       Value
Name                        Global_Policy
Incoming Interface          any
Outgoing Interface          any
IPv4 Source Address         gall
IPv4 Destination Address    gall
Service                     gPING
Schedule                    galways
Action                      Deny
Change Note                 New global policy

Your configuration should look like the following example:

6. Click OK.

To assign a header policy
1. Click Assignment.
2. Click Add ADOM.

3. Configure the following settings:

Field                                 Value
ADOMs                                 My_ADOM
Specify Policy Packages To Exclude    Select the checkbox, and then select default.

4. Click OK.
5. Select My_ADOM, and then click Assign.

FortiManager assigns the header policy to the Local-FortiGate and Remote-FortiGate_root policy packages.

To install a header policy


1. Continuing on the FortiManager GUI, click ADOM: Global Database.

2. Click My_ADOM.
3. Click Training > Firewall Header Policy to view the assigned header policy.

4. Click Install Wizard > Re-install Policy.

5. Click OK.
6. Click Install Preview.
The configuration changes that FortiManager will install on FortiGate appear—in this case, the header policy
and related objects.

7. In the Reinstall Preview window, click Close.


8. Click Next.
9. Click Finish.
10. Log in to the Local-FortiGate and Remote-FortiGate GUIs with the username admin and password password.

11. Click Login Read-Only.
12. Click Policy & Objects > Firewall Policy.
You should see the header policy at the top.

13. Log out of both FortiGate devices.


14. On the Local-Client VM, open a terminal window, and then try to ping an external host (for example, 4.2.2.2).
You should see that the ping fails, because the header policy was configured to block the ping.
15. Close the terminal and PuTTY session window.

You can also promote ADOM objects to global objects. To do this, right-click any of the
ADOM objects, and then select Promote to Global. You can use promoted objects in
the global ADOM.

Lab 7: Diagnostics and Troubleshooting

In this lab, you will perform diagnostics and troubleshooting when installing device-level settings and importing
firewall policies. You will also use FortiManager to upgrade the firmware on managed FortiGate devices.

Objectives
• Diagnose and troubleshoot issues when you install system templates
• Diagnose and troubleshoot issues when you import policy packages
• Import the firmware image for FortiGate devices and upgrade the devices using FortiManager

Time to Complete
Estimated: 40 minutes

Prerequisites
Before beginning this lab, you must restore the configuration files to Remote-FortiGate, Local-FortiGate, and
FortiManager.

To restore the FortiGate configuration file on both FortiGate devices


1. On the Local-Client VM, open a browser, and then log in to the Remote-FortiGate GUI with the username admin
and password password.
2. Click Login Read-Write.
3. Click Yes.
4. In the upper-right corner of the screen, click admin, and then click Configuration > Restore.

5. Click Local PC, and then click Upload.


6. Click Desktop > Resources > FortiManager > Troubleshooting, and then select Remote-diag.conf.
7. Click OK.
8. Click OK to reboot.
9. Log in to the Local-FortiGate GUI with the username admin and password password.
10. Repeat the same procedure to restore the system configuration for Local-FortiGate but, in the Troubleshooting
folder, select Local-diag.conf.
11. After the reboot finishes, close both browser tabs.

To restore the FortiManager configuration
1. On the Local-Client VM, open a browser, and then log in to the FortiManager GUI with the username admin and
password password.
2. Click root.
3. Click System Settings.
4. In the System Information widget, in the System Configuration field, click the Restore icon.

5. Click Browse.
6. Browse to Desktop > Resources > FortiManager > Troubleshooting, and then select FMG-diag.dat.
You do not have to enter a password because the file is not encrypted.

7. Leave the Overwrite current IP, routing and HA settings checkbox selected.

8. Click OK.
FortiManager reboots.

9. Wait for FortiManager to reboot, and then log in to the FortiManager GUI as the admin user.
10. Click root.
11. Click System Settings.
12. Click Advanced > Advanced Settings.


13. In the Offline Mode field, select Disable.

14. Click Apply.


The Offline Mode message disappears. Now FortiManager can establish a management connection with the
managed devices.

15. Log out of FortiManager.

Exercise 1: Diagnosing and Troubleshooting Installation Issues

FortiManager is preconfigured as follows:


• ADOMs are enabled.
• ADOM1 is configured for FortiGate firmware version 7.2.
• FortiManager is managing Local-FortiGate and Remote-FortiGate in ADOM1—the Remote-FortiGate policy package is not imported.
• The default system template is configured with the DNS widget only.
• The default system template is applied to Local-FortiGate and Remote-FortiGate.

In this exercise, you will diagnose and troubleshoot issues that occur when you install configuration changes on
Local-FortiGate and Remote-FortiGate.

View the Installation Preview

You will view the installation preview to learn which device-level configuration changes FortiManager will install on
the FortiGate devices. The objective of this task is to verify and troubleshoot to make sure FortiManager installs
the correct configuration settings on the FortiGate devices.

To view the installation preview for Local-FortiGate


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click ADOM1.

3. Click Device Manager.
4. Click Local-FortiGate.

5. In the Configuration and Installation widget, click Install Preview.


Notice that default is listed as the System Template, which is preassigned to Local-FortiGate.

The installation preview generates.

In the lab environment, the Config Status may remain as Synchronized.

To resolve this issue, remove the default template on the Provisioning Templates and then add it again. This step
changes the status to Modified and then you can see the Install Preview.

6. Write down the DNS settings that FortiManager will install on Local-FortiGate.

Primary:

Secondary:

7. Click Close.

To view the installation preview for Remote-FortiGate
1. On the FortiManager GUI, click Remote-FortiGate.
2. In the Configuration and Installation widget, click Install Preview.

In the lab environment, the Config Status may remain as Synchronized.

To resolve this issue, remove the default template on the Provisioning Templates and then add it again. This step
changes the status to Modified and then you can see the Install Preview.

3. Write down the DNS settings that FortiManager will install on Remote-FortiGate.

Primary:

Secondary:

4. Click Close.

Stop and think!

The system template was configured with two entries. Why does Local-FortiGate show only one DNS entry,
but Remote-FortiGate shows two entries?

Local-FortiGate was preconfigured with the primary DNS entry 208.91.112.53. When Local-FortiGate
was added to FortiManager, it automatically updated in the device-level database. To verify this, check the
current revision history and search for config system dns.

You can use the following procedure to view the system template and DNS settings on the CLI.

View the DNS Configuration

You will view the DNS configuration for the configured system template and compare it to the device-level
database settings for DNS (for both Local-FortiGate and Remote-FortiGate). You will view the configuration on the
CLI.

To view the system template configuration on the CLI


1. On the Local-Windows VM, open PuTTY, and then connect over SSH to the FortiManager saved session.
2. Log in as admin, and then enter the following command to view the CLI configuration for the system template
configuration:

execute fmpolicy print-adom-package ADOM1 5 3547 533 dns

The following output should appear:


The execute fmpolicy print- command tree allows you to view the CLI
configuration for provisioning templates, ADOMs, and the device database on
FortiManager.

The syntax for provisioning templates is:


execute fmpolicy print-adom-package <adom> <template name> <package name> [<category name>|all][<key>|all|list]

You can use the help feature by typing ? to open the command tree syntax.

To view the DNS settings for FortiGate (CLI)


1. In the FortiManager PuTTY session, enter the following command to view the Local-FortiGate DNS settings in the
FortiManager device-level database:

execute fmpolicy print-device-object ADOM1 Local-FortiGate root 15

The following output should appear:


Dump all objects for category [system dns] in device [Local-FortiGate] vdom[root]:
---------------
config system dns
    set primary 208.91.112.53
    set secondary 4.2.2.2
end

The syntax for the device object is:


execute fmpolicy print-device-object <adom> <devname> <vdom> <category>|all [<key>|all|list]

2. Enter the following command to view the Remote-FortiGate DNS settings in the FortiManager device-level
database:
execute fmpolicy print-device-object ADOM1 Remote-FortiGate root 15

The following output should appear:


Dump all objects for category [system dns] in device [Remote-FortiGate] vdom[root]:
---------------
config system dns
    set primary 4.2.2.2
    set secondary 8.8.8.8
end

3. Compare the FortiManager system template entries with each FortiGate.
The primary DNS entry for Local-FortiGate matches the primary DNS entry in the default system template.
Because of this, FortiManager skips the primary DNS entry for Local-FortiGate—Local-FortiGate has already
been configured with the same entry.

4. Close the PuTTY session.
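
The comparison made in step 3, as an added Python example (not Fortinet code and not part of the lab). The two device-level outputs are copied from the steps above; the template text is constructed, because its CLI output is not reproduced here: its primary value is the one the lab text names, its secondary (192.0.2.53) is a placeholder, and the function names are assumptions.

```python
import shlex

# Output of "execute fmpolicy print-device-object ADOM1 <device> root 15",
# copied from the lab steps above.
LOCAL_DB = """\
Dump all objects for category [system dns] in device [Local-FortiGate] vdom[root]:
---------------
config system dns
set primary 208.91.112.53
set secondary 4.2.2.2
end
"""

REMOTE_DB = """\
Dump all objects for category [system dns] in device [Remote-FortiGate] vdom[root]:
---------------
config system dns
set primary 4.2.2.2
set secondary 8.8.8.8
end
"""

# Constructed stand-in for the default system template. The primary value is
# the one the lab text names; the secondary is a placeholder (assumption).
TEMPLATE = """\
config system dns
set primary 208.91.112.53
set secondary 192.0.2.53
end
"""


def parse_config(text):
    """Parse flat 'config <path>' / 'set <key> <value>' / 'end' blocks into
    {path: {key: value}}. Banner and separator lines are ignored; nested
    'edit' tables are outside the scope of this example."""
    blocks, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if tokens[0] == "config":
            current = blocks.setdefault(" ".join(tokens[1:]), {})
        elif tokens[0] == "end":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = " ".join(tokens[2:])
    return blocks


def pending_changes(template_text, device_text, path="system dns"):
    """Return {key: (current, wanted)} for template settings that differ
    from the device-level database, i.e. what an install would change."""
    wanted = parse_config(template_text).get(path, {})
    current = parse_config(device_text).get(path, {})
    return {key: (current.get(key), value)
            for key, value in wanted.items()
            if current.get(key) != value}


if __name__ == "__main__":
    for name, db in (("Local-FortiGate", LOCAL_DB), ("Remote-FortiGate", REMOTE_DB)):
        print(name, pending_changes(TEMPLATE, db))
```

Under these assumptions Local-FortiGate has one pending DNS entry and Remote-FortiGate has two, which is the difference the install previews show.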

Install Device-Level Configuration Changes

You will install device-level configuration changes (system templates) on the managed FortiGate devices.

To install device-level changes (system templates)


1. On the FortiManager GUI, click Managed FortiGate.
2. In the drop-down list, click Install > Install Wizard.

4. Select Install Device Settings (only), and then click Next.

5. Make sure both devices are selected, and then click Next.


6. Click Install Preview, and then view the install preview for Local-FortiGate.

The preview generates.

Optionally, you can download the preview.

7. For the Remote-FortiGate install preview, click Remote-FortiGate.


8. Click Close.
9. Make sure both FortiGate devices are selected, and then click Install.
The installation begins.

10. After the installation finishes, select any of the FortiGate devices, and then click the View Installation Log icon to
view and verify what is being installed on each device.

11. In the Install Log window, click Close.


12. Click Finish.

Stop and think!

Why does FortiManager show two progress bars when installing changes on a FortiGate?

As you learned in previous lessons, when you perform an installation, the copy operation is the first
operation that FortiManager performs, before the actual installation.

The Config Status for both FortiGate devices should be Synchronized.

You may need to enable the Config Status column in the column settings to check the status.

Exercise 2: Troubleshooting Policy Import Issues

In this exercise, you will view the policies and objects imported into the ADOM database. The objects share the
common object database for each ADOM and are saved in the ADOM database, which can be shared or used
among different managed FortiGate devices in the same ADOM.

You will also diagnose and troubleshoot issues that occur while you import the Remote-FortiGate policy package.

View the Policy Package and Objects

Because the Local-FortiGate policy package is imported into ADOM1, you will view the Local-FortiGate policy
package and objects imported into the ADOM1 database.

To view the policy package and objects for Local-FortiGate


1. Log in to the FortiManager GUI with the username student and password fortinet.
2. Click ADOM1.
3. Click Policy & Objects.
4. On the left side of the window, expand Local-FortiGate_root, and then click Firewall Policy.

You can see the two policies for Local-FortiGate.

Notice the source address of Test_PC for the Ping_Test firewall policy.

5. Click Object Configurations.
6. Expand Firewall Objects, and then click Addresses.
7. Review the configuration for the Test_PC firewall address.
In the ADOM database, Test_PC is set to the any interface based on the configuration imported from Local-
FortiGate.

Review Policies and Objects Locally on Remote-FortiGate

You must import the policies and objects from Remote-FortiGate. But first, you will review the policies and objects
locally on Remote-FortiGate.

To review policies and objects locally on Remote-FortiGate


1. Log in to the Remote-FortiGate GUI with the username admin and password password.
2. Click Login Read-Only.
3. Click Policy & Objects > Firewall Policy.
4. Expand the port6 to port4 policies.
5. In the Source column of the QA_Test firewall policy, hover over the Test_PC address object.
You can see that the Test_PC address object is bound to the port6 interface.

Remember, the Test_PC address object is bound to the any interface in the ADOM database.

6. Log out of Remote-FortiGate.

Import a Policy Package

You will import the policies and objects for Remote-FortiGate into the policy package, and then troubleshoot
issues with the policy import.

To import the policy package


1. Return to the FortiManager GUI, and then click Policy & Objects > Device Manager.

2. Right-click Remote-FortiGate, and then click Import Configuration.

3. Select Import Policy Package.


4. Click Next.
5. Make sure the policy package name is Remote-FortiGate.
6. Make sure the Mapping Type is set to Per-Device for both port4 and port6.


7. Keep the default values for all other settings, and then click Next.
8. Click Next.
Did you notice that the policy import skipped one firewall policy and a firewall address object?

9. Click Download Import Report to view the reason that the policy import skipped a firewall policy.
10. Open the file (or save it for future reference).


Did you notice that the policy import failed when importing firewall policy 2 and the Test_PC address object?

Stop and think!

The following output provides the reason for the policy import failure:
reason=interface(interface binding contradiction. detail: any<-port6) binding fail)"

What does this error mean? What is the impact? How can you fix this partial policy import issue?

Remember, in the ADOM1 database, the Test_PC firewall address is bound to the any interface, based on
the configuration imported from Local-FortiGate. On Remote-FortiGate, policy ID 2 is using the Test_PC
firewall address bound to port6 as the source address.

This is the expected behavior on FortiManager because it doesn’t allow the same address object name to
bind to different interfaces.

Because FortiManager imported partial policies in the policy package, if you try to make a change to the
policy package and install it, FortiManager deletes the skipped policies and objects associated with those
policies, along with all unused objects.

You must change the Test_PC firewall address binding to the any interface by locally logging in to Remote-
FortiGate.

11. Close the import report, and then click Finish.
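The binding contradiction described above can be caught before you run the import. The following check is an added example, not part of the Fortinet lab guide or any Fortinet tool: it compares address bindings in a device backup with those already in the ADOM database and lists the policies the import would skip. The sample configuration, subnet value, and function names are constructed for illustration, and an address with no associated-interface line is assumed to be bound to any.

```python
import re

# Constructed sample of a Remote-FortiGate backup (subnet value is made up).
REMOTE_CONFIG = '''
config firewall address
    edit "Test_PC"
        set associated-interface "port6"
        set subnet 10.0.2.10 255.255.255.255
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
    next
    edit 2
        set name "QA_Test"
        set srcaddr "Test_PC"
    next
end
'''
ADOM_BINDINGS = {"Test_PC": "any"}  # ADOM database binding (from Local-FortiGate)

def parse_section(config, section):
    """Return {entry: {option: [values]}} for one top-level 'config' block."""
    m = re.search(rf"^config {re.escape(section)}$(.*?)^end$", config, re.M | re.S)
    entries, current = {}, None
    for line in (m.group(1) if m else "").splitlines():
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tokens[:1] == ["edit"]:
            current = entries.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and current is not None:
            current[tokens[1]] = tokens[2:]
    return entries

def find_binding_conflicts(config, adom_bindings):
    """Map conflicting address -> (ADOM intf, device intf, policy IDs using it)."""
    addresses = parse_section(config, "firewall address")
    policies = parse_section(config, "firewall policy")
    conflicts = {}
    for name, opts in addresses.items():
        # Assumption: no associated-interface line means the object is bound to any.
        device_intf = opts.get("associated-interface", ["any"])[0]
        adom_intf = adom_bindings.get(name, device_intf)
        if adom_intf != device_intf:
            users = [pid for pid, p in policies.items()
                     if name in p.get("srcaddr", []) + p.get("dstaddr", [])]
            conflicts[name] = (adom_intf, device_intf, users)
    return conflicts
if __name__ == "__main__":
    print(find_binding_conflicts(REMOTE_CONFIG, ADOM_BINDINGS))
```

Every policy ID reported here is one that a partial import leaves out of the policy package, and that the next installation of that package would delete from the device.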

Check the Impact of a Partial Policy Import (Optional)

The following two procedures show the impact of making changes to the FortiManager policy package Remote-
FortiGate, and then trying to install the policy package. FortiManager tries to delete policy ID 2 and the Test_PC
address object on Remote-FortiGate. FortiManager also tries to delete any unused objects.

If you are now familiar with the behavior, you can skip the following procedures:
- To make configuration changes to the Remote-FortiGate policy package (optional)
- To preview the installation changes (optional)

To make configuration changes to the Remote-FortiGate policy package (optional)


1. On the FortiManager GUI, click Device Manager > Policy & Objects > Policy Packages.

2. Click the Remote-FortiGate policy package, and then click Firewall Policy.
You can see that the firewall policy with Test_PC as the source address is not imported.

3. Double-click the Seq# 1 firewall policy.


4. In the Comments field, type Training.
5. In the Change Note field, type Comments Added, and then click OK.

To preview the installation changes (optional)
1. Ensure that Firewall Policy is selected for the Remote-FortiGate policy package, click the down arrow beside
Install Wizard, and then select Re-install Policy.

2. Click OK.
3. Click Install Preview.
4. Notice that FortiManager is trying to delete the firewall policy with ID=2 and the Test_PC address object.

When installing a policy package for the first time, FortiManager also deletes all
unused objects.

This is the firewall policy with Test_PC as the source address.


5. In the Install Preview window, click Close.


6. Click Cancel to cancel the policy installation.

Fix a Partial Policy Import Issue

You must change the Test_PC firewall address binding to the any interface by locally logging in to Remote-
FortiGate, and then retrieving the configuration to FortiManager.

Then, on FortiManager, you can import the policy package for Remote-FortiGate.

To make local changes on Remote-FortiGate


1. Log in to the Remote-FortiGate GUI with the username admin and password password.
2. Click Login Read-Write.
3. In the warning window, click Yes.
4. Click Policy & Objects > Addresses.
5. Right-click Test_PC, and then select Edit in CLI.


6. On the CLI, enter the following commands:


unset associated-interface
end

7. Close the CLI console window.


8. Edit the Test_PC address.
Your configuration should look like the following example:

9. Click Cancel.
10. Log out of Remote-FortiGate.

Retrieve the New Configuration From FortiManager

You will retrieve the change made to the Remote-FortiGate configuration on FortiManager.

To retrieve the Remote-FortiGate configuration change on FortiManager


1. Return to the FortiManager GUI, and then click Device Manager > Managed FortiGate.
2. Click Remote-FortiGate.

3. In the Configuration and Installation widget, click the Revision History icon.


4. Click Retrieve Config.


5. Click Close to close the Retrieve Device Revision window.
6. Click Close to close the Configuration Revision History window.

To import the policy package again


1. On the FortiManager GUI, click Managed FortiGate.
2. Right-click Remote-FortiGate, and then select Import Configuration.

3. Select Import Policy Package.


4. Click Next.
5. Select the Overwrite checkbox.


6. Click Next.
7. Keep the default values for all other settings, and then click Next.
Did you notice that Test_PC appears as Dynamic Mappings?

FortiManager automatically creates a dynamic mapping of the object with the same values. The interface
must be the same as in the ADOM database.

8. Click Next.
You can see that FortiManager imported both firewall policies this time.

9. Click Finish.

Exercise 3: Upgrading FortiGate Firmware Using FortiManager

You can use FortiManager as your local firmware cache, and to upgrade firmware on supported devices.

In this exercise, you will import the firmware image for FortiGate, and then upgrade both FortiGate devices using
FortiManager.

To import and upgrade firmware


1. On the Local-Client VM, open a new private browser window, and then log in to the FortiManager GUI with the
username admin and password password.

Make sure that you open a new private browser window. If you don't, your image will
not appear in step 10 of this procedure.

2. Click ADOM1.
3. Click FortiGuard > Firmware Images > Local Images.

4. Click Import, and then click Add Files.


5. Click Desktop > Resources > FortiManager > Additional-Configuration, and then select FGT_upgrade-
build1255.out.
6. Click Open > OK.
You can see the file upload progress.

7. Click Close.
You can see that the firmware image has been saved on FortiManager.

8. Click FortiGuard > Device Manager.
9. Select both FortiGate devices.
10. Click More, and then select Firmware Upgrade.

11. In the Upgrade to drop-down list, select Local Images > 7.2.2-b1255.
12. Click OK.
13. In the Confirm Firmware Upgrade window, click Continue.

The firmware upgrade process may take several minutes.

14. Leave the Upgrade Firmware Task window open until the progress bar reaches 100%.
After a few minutes, you should see successful firmware upgrades for both FortiGate devices.


15. Click Close.


16. Optionally, you can open the console connection for Local-FortiGate and Remote-FortiGate to see the firmware
upgrades.


No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright© 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
