Editing objects
Some tables allow you to edit parts of the configuration directly on the table’s page. For example, security features can be added to an existing firewall policy from the policy list (Policy & Objects > IPv4 Policy), by right-clicking in the Security Profiles column and selecting the appropriate profiles.
If this option is not available, you must select the object, then select the Edit option, found at the top of the page.
Text Strings
The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them.
Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.
Entering text strings (names)
Text strings are used to name entities in the configuration, for example a firewall address or an administrative user. To prevent Cross-Site Scripting (XSS) vulnerabilities, a FortiGate configuration text string can contain any character except the following:
" (double quote), & (ampersand), ' (single quote), < (less than) and > (greater than)
Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.
There is a different character limitation for VDOM names and hostnames. For both, the only legal characters are numbers (0-9), letters (a-z, A-Z), and the special characters - and _.
From the CLI, you can also use the tree command to view the number of characters that are allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.
config firewall address
tree
-- [address] --*name (64)
|- subnet
|- type
|- start-ip
|- end-ip
|- fqdn (256)
|- cache-ttl (0,86400)
|- wildcard
|- comment (64 xss)
|- associated-interface (16)
+- color (0,32)
The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully-qualified domain name (fqdn) field can contain up to 256 characters.
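The limits above can be checked before a change is pushed by script. The following Python sketch is an added example, not Fortinet code: it parses a shortened copy of the tree output shown above and checks proposed values against the length limits, the rejected characters, and the VDOM/hostname alphabet. The function names are hypothetical, and reading a pair such as (0,86400) as an inclusive numeric range is an assumption.

```python
import re

# Rejected text-string characters and the VDOM/hostname alphabet, per the page.
XSS_CHARS = set("\"&'<>")
VDOM_HOST_RE = re.compile(r"[0-9A-Za-z_-]+")
# Tree output from the page, shortened; embedded so the example runs offline.
TREE_OUTPUT = """\
-- [address] --*name (64)
|- subnet
|- fqdn (256)
|- cache-ttl (0,86400)
|- comment (64 xss)
|- associated-interface (16)
+- color (0,32)
"""
FIELD_RE = re.compile(r"([A-Za-z][\w-]*)(?:\s*\(([^)]*)\))?\s*$")

def parse_tree(text):
    """Map field -> ('text', max_len) or ('range', low, high)."""
    limits = {}
    for line in text.splitlines():
        m = FIELD_RE.search(line)
        if not m or m.group(2) is None:
            continue  # field listed without a limit, e.g. subnet
        name, spec = m.groups()
        rng = re.fullmatch(r"(\d+),(\d+)", spec)
        if rng:  # assumption: "(a,b)" is an inclusive numeric range
            limits[name] = ("range", int(rng[1]), int(rng[2]))
        else:    # "(64)" or "(64 xss)": first token is the length limit
            limits[name] = ("text", int(spec.split()[0]))
    return limits

def check_object(values, limits):
    """Return a list of problems for one proposed object (field -> value)."""
    problems = []
    for field, value in values.items():
        kind, *bounds = limits.get(field, (None,))
        if kind == "range":
            if not (isinstance(value, int) and bounds[0] <= value <= bounds[1]):
                problems.append(f"{field}: {value!r} outside {bounds[0]}-{bounds[1]}")
        elif kind == "text":
            if len(value) > bounds[0]:
                problems.append(f"{field}: {len(value)} characters, limit {bounds[0]}")
            bad = "".join(sorted(XSS_CHARS & set(value)))
            if bad:  # the page applies this rule to every text string
                problems.append(f"{field}: rejected characters {bad}")
    return problems

def valid_vdom_or_hostname(name):
    return VDOM_HOST_RE.fullmatch(name) is not None
```

Run `tree` on the target unit and feed its actual output to `parse_tree`, since the limits can differ from the sample shown here.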
Entering numeric values
Numeric values set various sizes, rates, numeric addresses, and other numeric values. For example, a static routing priority of 10, a port number of 8080, or an IP address of 10.10.10.1. Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (for example, the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base-10 numbers, but some fields (again, such as MAC addresses) require hexadecimal numbers.
Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.
FortiGate LED Specifications
This is a guide to FortiGate LED status indicators.
- Sample FortiGate Faceplates
- LED Status Codes
- LED Status Codes for Ports
Sample FortiGate Faceplates
The faceplates indicate where the LEDs are typically found on desktop and mid-range FortiGate models.
LED Status Indicators
LABEL | STATE | MEANING |
PWR | Green | Power is On. |
PWR | Off | Power is Off. |
STA | Green | Normal status. |
STA | Flashing Green | Booting Up. If the FortiGate has a reset button, Flashing Green also means that the reset button was used. |
STA | Red | The FortiGate has a major alarm. |
ALARM | Red | The FortiGate has a major alarm (feature not fully developed). The status LED will also be red. |
ALARM | Amber | The FortiGate has a minor alarm (feature not fully developed). |
ALARM | Off | No alarm. |
HA | Green | FortiGate is operating in an FGCP HA cluster. |
HA | Red | A failover has occurred. |
HA | Off | HA not configured. |
HA | | Failover operation feature not available in all units. |
WIFI | Green | Wireless port is active. |
WIFI | Flashing Green | Wireless interface is transmitting and receiving data. |
WIFI | Off | Wireless interface is down. |