Feature Highlights:
Single Pane Management
FortiManager’s Single Pane Management provides a centralized management and provisioning strategy built around Fortinet’s Security Fabric that tightly integrates an organization’s network infrastructure and security architecture to apply access control, segmentation and consistent protection of devices, applications and users.
Device Configuration and Provisioning
FortiManager expands the network administrator’s capabilities with a rich set of tools to centrally manage up to 100,000 devices including FortiGates, FortiExtender, FortiSwitch, FortiAPs, SD-WAN and more.
Collectively configure device settings and use new enhanced CLI templates with variables, and provisioning templates to assign firmware and policy packages from a single console, including policy and object revision history for auditing.
FortiManager includes extended SSL and Certificate support for enhanced ssl-ssh-profile configuration, as well as Restricted IPS Admin Profiles to support customers who are transitioning and upgrading from dedicated IPS solutions to Fortinet products.
Automated device configuration backups and revision control make daily administrative tasks easy, with change tracking in the enhanced Event Log view for review of configuration and change detail for auditing & compliance.
FortiManager also now enables Admins to configure and assign custom commands on FortiSwitch and configure MCLAG from the FortiSwitch Manager.
Multi-Tenancy and Role-Based Administration
FortiManager provides granular device and role-based administration for clear visibility of every device and user on the network, facilitating zero-trust, multi-tenancy deployments for large enterprises and a hierarchical objects database for re-use of common configurations to serve multiple customers.
ADOMs (administrative domains) are used to manage independent security environments, each with its own security policies and configuration database. The intuitive GUI makes it easy for Admins to view, create, clone, and manage ADOMs, define global Objects, Policies and Security Profiles across ADOMs, with Health Check to ensure ADOMs are in sync.
FortiManager’s zero-touch deployment utilizes templates to provision devices for quick mass deployments, and supports firmware version enforcement for defining firmware requirements for installs and upgrades.
FortiManager’s new IPS admin is a restricted user role for performing only IPS related object configuration and installations. Admin users can also be assigned per-admin UI background themes, for unique visual associations.
Security Policy and Objects Management
FortiManager’s Policy & Objects views enable Admins to centrally manage and configure device policies, including updating network settings, antivirus definitions, intrusion protection signatures, access rules, and software updates.
The global policy feature allows MSSP and SaaS providers to apply ADOM level header/footer policies for updating all policy packages or select packages. Policy and Objects views now include a revision history, providing an account of admins who have made changes, change date, summary, and a mandatory change notes field to capture change reason.
The per-policy lock feature allows admins to control the policy change by implicitly locking a policy rule when a policy is changed. Admins can also group commonly used policies in a policy block and insert in different Policy Packages.
Secure SD-WAN
FortiManager offers powerful SD-WAN management capabilities using intuitive workflows and simplified provisioning at scale. Leverage application centric SD-WAN business policies to fine-tune traffic steering decisions based on performance SLA targets for each WAN provider.
Admins can use the SD-WAN monitoring dashboard to keep an eye on application performance and bandwidth utilization per WAN link, and integrate FortiAnalyzer for enhanced analytics views and SD-WAN assessment reports.
Manage and Monitor with Deep Visibility
FortiManager’s Device Manager provides full visibility, access and management of Fortinet managed devices, interfaces, scripts, templates, automation, monitors, users, settings, and more. Install, edit and delete policies, monitor the health of FortiGate devices through the customizable dashboards and widgets to see resource usage, network status of DHCP, IPsec and SSL VPN, routing, traffic shapers, and more. Easily navigate the hierarchical tree with categories for Managed Devices, Logging Devices, Unauthorized Devices, and customize to display as a table, folder, or a map view.
Use Fabric View to check Security Fabric Ratings and configurations of FortiGate devices or groups. Access vital security and network statistics, as well as real-time monitoring and topology information to provide visibility into network and user activity. Add a FortiAnalyzer appliance or VM for powerful analytics and enhanced Fabric view with asset and identity info, additional data mining, statistical analysis, and graphical reporting capabilities.
FortiManager High Availability (HA)
FortiManager high availability (HA) provides enhanced reliability, data protection, redundancy, and operational performance to ensure agreed uptimes and availability. In the event that the operating FortiManager unit fails, a backup FortiManager (one primary and up to four secondary) unit can take the place of the failed unit, making sure that companies have seamless access to their devices and business-critical network operations.
The FortiManager HA Cluster Wizard now also supports defining a hostname for each cluster member, exposing the session-pick option from GUI, as well as the option to dedicate an interface for management of the individual cluster member.
Security Fabric Automation
Network and Security Operations Visibility (NOC/SOC)
FortiManager supports NOC-SOC workflows to assist network teams in maintaining optimal performance. Automated data exchanges between security (SOC) workflows and operational (NOC) workflows create a single, complete workflow that not only saves time, but also provides the capacity to complete additional incident response activities.
Integration with FortiAnalyzer magnifies visibility with advanced data visualization and analytics helping analysts quickly connect-the-dots, identify threats, and simplify the expeditious configuration and security of managed devices.
Automation and Connectors
Utilize Automation and Orchestration and optimize with FortiManager through querying of FortiGates and the Fortinet Security Fabric via application programming interfaces (APIs) to actively collect and share network information and broaden end-to-end visibility and response.
FortiManager reduces complexity and cost by leveraging REST API, scripts, connectors, and FortiGate automation stitches to automate time-intensive processes and accelerate workflows for offloading NOC-SOC, reducing administrative tasks, and addressing talent shortages. Admins can automate common tasks such as provisioning of FortiGates and configuring new or existing devices.
Join Fortinet Developer Network (FNDN) for exclusive access to articles, how-to content for automation and customization, community-built tools, scripts, and sample code.
NOC Cloud Services
Management Extensions
FortiManager’s Management Extensions pane allows rapid expansion of the Single Pane to manage more Security Fabric products. The built-in engine runs containerized management extension applications (MEAs), pulled from FortiGuard.
FortiManager’s management extensions include modules for the following:
- SD-WAN Orchestrator for all configuration, management, and monitoring of FortiGates on your SD-WAN network
- FortiPortal for cloud-based security and log management, allowing Managed Security Service Providers to delegate controlled access to device configuration and analytics
- FortiWLM to monitor, operate, and administer wireless networks on FortiGates that are managed by FortiManager
- FortiSigConverter to convert Snort network intrusion detection and intrusion prevention system rules to Fortinet supported IPS signatures directly into FortiManager
- FortiAuthenticator for identity and access management, allowing admins to provide access to protected network assets, and track user activity and compliance with security policies
- FortiSOAR – Full Security Orchestration, Automation and Response features with a subscription to FortiSOAR
Dynamic Cloud Security
Fortinet Cloud Security and Management Solutions offers customers a SaaS based delivery option for central management of FortiGate devices from a cloud-based FortiManager.
FortiManager Cloud provides an automation-driven and single pane-of-glass management capability that is easy-to-implement, easy-to-manage, flexible, and scalable for an organization’s business growth.
Use the Single Sign-On Portal to manage Fortinet NGFW and SD-WAN. The built-in cloud-init service allows Administrators to easily customize a prepared image of a virtual installation for KVM, Azure, and AWS. FortiManager’s cloud-based network management helps customers streamline FortiGate provisioning with automation-enabled management of Fortinet devices.
With the FortiCloud Premium subscription, customers can easily enable the FortiManager Cloud service with the 360 Protection bundle or by purchasing it a-la-carte, providing access to manage a range of Fortinet solutions and services for simplified network and security management. Customers and partners can easily access their FortiManager Cloud from their FortiCloud Single-Sign-On Portal.
Security Fabric and Third Party Integration
FortiManager integrates with ITSM to seamlessly mitigate security incidents and events, apply configuration changes, and update policies. Integration with FortiAnalyzer provides in-depth discovery, analysis, prioritization, and reporting of network security events.
Use fabric connectors to facilitate connections with third-party vendors like vCenter, pxGrid, Clearpass, OCI, ESXi, AWS, and others to share and exchange data.
FortiManager’s workflow for audit and compliance enables review, approval, and auditing policy changes including automating processes for policy compliance, policy lifecycle management, and enforced workflow to reduce risk.