Fortimanager - Fortinet Management
With the Fortimanager, staff who manage Fortinet firewalls can assist in the transition of implementing policies.
Fortimanager allows for easier management of our Fortinet Firewalls from a single location and provides future automation for Tufin.
Logging In and Initial Screens
Upon logging in to the Fortimanager with your NetIDAdmin/Password, you will be greeted with the “Select an ADOM” screen. Here, you will see each ADOM that you have access to manage.
Click the ADOM you would like to manage.
The Fortimanager is divided into individual ADOMs (Administrative Domains) for each VDOM (Virtual Domain) on each firewall.
For example, the Waterbury firewall has 3 VDOMs:
PDFD
Server
Root
Each of these VDOMs belongs to its own ADOM, as shown below.
After selecting the ADOM, you will be directed to the screen shown below. From here, you can choose to enter the Device Manager or what will more commonly be used – Policy & Objects. Fabric View is not used; you can ignore it.
In the top right corner, you will see ADOM: FW-Waterbury-PDFD. This is the current ADOM you are in; clicking this will bring up the selection box, allowing you to jump to another ADOM.
Policy & Object View
After choosing Policy & Objects in Fortimanager, the following screen will display.
The top half is dedicated to the Policies for the ADOM you are in. This is where you add new policies or update old ones.
The bottom half is dedicated to the Objects for the ADOM you are in. In the bottom half, you can add (Create New) or edit (Edit) objects and services/ports.
Fortimanager differs slightly from Fortigates in that Fortimanager uses Policy Packages to manage the policies. Each ADOM has its own specific Policy Package that contains all of the policies, objects, interfaces, etc. When making changes to policies and objects, you are updating the policy package that will be installed to the Firewall/VDOM.
Clicking Create New in either section will generate the screens shown below. Under Create New, you will be able to set up your new policy or new object the same way you normally would on the Fortinet firewalls.
Installing Policy/Object Changes
After you have made the changes you need to the policies/objects (highlighted below), you need to install the updated Policy Package.
Click on Install along the top.
Choose Re-install Policy (shown below).
Tip: Use Re-install Policy instead of Install Wizard. Re-install Policy is quicker and only pushes the policy and object changes to the Firewall/VDOM, as opposed to the Install Wizard which also pushes system changes (e.g., adding a new interface to the firewall).
Confirm that you would like to install the policy package. The following screen will display:
At this point, some information about the installation will display.
The Device column shows the Firewall & VDOM that the policy package is being installed to.
The Policy Package column shows the current package being installed.
The Validation column is arguably the most important of the three, as it confirms that the package you are going to install is valid and does not contain any issues.
There are a couple of installation options to choose from:
Install Preview: The install preview generates the command-line code used by the Fortinet firewalls and shows you what the updated code will look like. This is not particularly useful to most users, so it is recommended not to use this.
Policy Package Diff: The more useful of the two options, Policy Package Diff lets you see the changes that will be implemented with the updated Policy Package, such as created/deleted/modified policies and objects.
Note: Before committing the changes that you have made, it is always recommended to review them using Policy Package Diff. This will give you a chance to take another look at the changes you made to verify that everything is correct.
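The following Python is an added example (not part of the original guide and not FortiManager code) of the created/deleted/modified review that the note above recommends, flagging accept rules that use the default catch-all objects and deny rules that were removed. The snapshot format, the pol helper and the sample policies are constructed assumptions; the field names follow FortiOS policy syntax.

```python
# Added example: the snapshot format (dicts keyed by FortiOS policy field
# names) is an assumption, not FortiManager's own Policy Package Diff output.
BROAD = {"all", "ALL"}  # default catch-all address and service object names

def diff_policies(before, after):
    """Classify policies as created, deleted or modified, keyed by policyid."""
    old = {p["policyid"]: p for p in before}
    new = {p["policyid"]: p for p in after}
    created = [new[i] for i in sorted(new.keys() - old.keys())]
    deleted = [old[i] for i in sorted(old.keys() - new.keys())]
    modified = []
    for i in sorted(new.keys() & old.keys()):
        changed = sorted(k for k in old[i].keys() | new[i].keys()
                         if old[i].get(k) != new[i].get(k))
        if changed:
            modified.append((new[i], changed))
    return created, deleted, modified

def broad_fields(policy):
    """Match fields of an accept policy that reference a catch-all object."""
    if policy.get("action") != "accept":
        return []
    return [f for f in ("srcaddr", "dstaddr", "service")
            if BROAD & set(policy.get(f, []))]

def review(before, after):
    """Return (policyid, change, catch_all_fields) findings to re-check."""
    created, deleted, modified = diff_policies(before, after)
    findings = [(p["policyid"], "created", broad_fields(p))
                for p in created if broad_fields(p)]
    for p, changed in modified:
        wide = [f for f in broad_fields(p) if f in changed or "action" in changed]
        if wide:
            findings.append((p["policyid"], "modified", wide))
    # A removed deny rule can expose traffic that a later rule accepts.
    findings += [(p["policyid"], "deleted-deny", []) for p in deleted
                 if p.get("action") == "deny"]
    return findings

def pol(pid, action, src, dst, svc):  # hypothetical helper for the samples
    return {"policyid": pid, "action": action, "srcaddr": src, "dstaddr": dst, "service": svc}

# Constructed sample snapshots (not taken from a real firewall).
BEFORE = [pol(10, "accept", ["campus-net"], ["web-srv"], ["HTTPS"]),
          pol(11, "deny", ["all"], ["all"], ["TELNET"]),
          pol(12, "accept", ["app-srv"], ["db-srv"], ["MYSQL"])]
AFTER = [pol(10, "accept", ["all"], ["web-srv"], ["HTTPS"]),
         pol(12, "accept", ["app-srv"], ["db-srv"], ["MYSQL"]),
         pol(13, "accept", ["vendor-vpn"], ["all"], ["ALL"])]
```

Calling review(BEFORE, AFTER) returns one finding per change that deserves a second look before you click Next.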
After reviewing your changes and confirming that everything is correct, click Next to begin the installation. Depending on how many changes you have made, this process may take a minute or two. When the process is complete, the following screen will display, confirming the installation was successful.