FortiGate Cloud – Management

Management

On the Management tab, you can remotely manage FortiGate and FortiWiFi devices that are connected to the FortiGate Cloud service.

The Management homepage provides the following information about devices. You can select a device’s serial number or name to access management tools for that device:

  • Model/serial number
  • Fortinet product type
  • Firmware version
  • Status (if the device is connected through a management tunnel)
  • Service the device is currently active in
  • Applied template

You can use the gear icon to access additional functions:

To undeploy the FortiGate:

  1. Click the Config icon for the desired device.
  2. Click Undeploy.
  3. In the confirmation dialog, click YES.
  4. You have the option to place a unit where the FortiGate was deployed. The unit contains historical data and a serial number that starts with U.

To authorize a new account to access the FortiGate’s historical data:

  1. Click the Config icon for the desired device.
  2. Click Authorize New Account.
  3. In the Account ID field, enter the desired account ID.
  4. Click Submit.

To rename the FortiGate:

  1. Click the Config icon for the desired device, then click Rename.
  2. In the Device Name field, enter the desired name. Click Submit.

To go to the device list:

You can return to the device list from the Analysis, Management, or Sandbox page for an individual device.

  1. In the upper left corner, click Show Device List.

You must first enable the management tunnel on your device before you can see any management functions. On the device, run the following CLI commands:

config system central-management
    set mode backup
    set type fortiguard
end

Config

In Config, you can access a pared-down version of the remote device’s management interface to configure major features as if you were accessing the device itself. For descriptions of the configuration options, see the FortiOS documentation.

The configuration you see in FortiGate Cloud does not autorefresh. FortiGate Cloud displays a notification if the current local FortiGate configuration differs from the latest configuration uploaded to FortiGate Cloud. You can overwrite the FortiGate Cloud configuration with the current local FortiGate configuration by clicking Import, or merge the two configurations by clicking Merge. If you are merging the configurations and there is a conflict between them (for example, an option is enabled locally on the FortiGate but disabled in FortiGate Cloud), FortiGate Cloud keeps the local FortiGate Cloud configuration for that option. You can then make any changes you want to reflect on the device, and select Deploy to push the configuration to the device.

If your device configuration version does not match the firmware version, FortiGate Cloud may display a "Device config version does not match device firmware version" message. You can click the Import button to synchronize the configurations.

To deploy cloud configuration to devices:

  1. Go to Management > Config.
  2. Before you edit any settings, click the Import button to retrieve the most up-to-date configuration from the FortiGate Cloud-connected device.
  3. On this page, you have limited access to a pared-down version of the FortiGate interface, allowing you to edit interfaces, routes, policies, etc. Edit the FortiGate configuration as needed.
  4. When you are ready to push your updated configuration back to the device, select Deploy in the upper right.
  5. Wait for the configuration to download to the device. When it completes, a deployment log appears, showing you the changes as they appear in the CLI.

Backup

In Backup, you can back up, Edit, View, Compare (to other revisions), Download, Restore (to device), and Delete revisions. You can filter the revision list by firmware version or created time. You can also search for a specific backup.

To back up the device configuration to the cloud:

  1. Go to Management > Backup.
  2. Select Backup Config in the upper right, and enter the backup revision name. FortiGate Cloud adds the new configuration to the list. By selecting the icons on the right side, you can rename, view, compare, download, restore, and delete configuration files. The compare icon only appears once you have multiple revisions available.

To enable auto backup:

  1. Go to Management > Backup > Auto Backup Setting.
  2. Click Enable Auto Backup. Only setting changes on the FortiGate (locally from the FortiGate or from FortiGate Cloud) trigger auto backup. You can select one of the following auto backup settings:

Option   Description
Per Session   By default, the session duration is 600 seconds. For example, if you modify FortiGate settings at 10:00 AM, FortiGate Cloud schedules an auto backup in 600 seconds. If no other setting changes occur within the 600 seconds, FortiGate Cloud performs an auto backup at 10:10 AM. However, if you further modify settings, for example, at 10:05 AM, this resets the timer and FortiGate Cloud schedules an auto backup for 600 seconds after 10:05 AM. FortiGate Cloud keeps every backup revision for all sessions in one day. You can only configure an alert email for this option. The alert email does not contain a copy of the backup revision.
Per Day   This option operates the same as Per Session, except that FortiGate Cloud only keeps one latest backup revision per day.

  3. Click Apply.
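
The timer reset and the two retention rules described above determine which configuration changes end up in which stored revision. The following is an added illustration, not FortiGate Cloud code: the function names, the mode strings, and the sample timestamps are assumptions, as is grouping Per Day retention by the calendar date on which the backup runs.

```python
from datetime import datetime, timedelta

SESSION_SECONDS = 600  # default session duration stated above


def scheduled_backups(change_times, session_seconds=SESSION_SECONDS):
    """Return when auto backups fire for the given setting-change times.

    Every change schedules a backup session_seconds later; a further change
    before that moment resets the timer, so one revision covers the burst.
    """
    window = timedelta(seconds=session_seconds)
    backups, pending = [], None
    for t in sorted(change_times):
        # Assumption: a change landing exactly on the deadline is treated
        # as arriving after the backup has already run.
        if pending is not None and t >= pending:
            backups.append(pending)
        pending = t + window
    if pending is not None:
        backups.append(pending)
    return backups


def retained_revisions(backups, mode):
    """Per Session keeps every revision; Per Day keeps the latest per day."""
    if mode == "per_session":
        return sorted(backups)
    if mode == "per_day":
        latest = {}
        for b in sorted(backups):
            latest[b.date()] = b  # later revisions overwrite earlier ones
        return sorted(latest.values())
    raise ValueError(f"unknown mode: {mode!r}")


# Constructed sample: change times on two days (not taken from a real device).
SAMPLE_CHANGES = [
    datetime(2024, 1, 1, 10, 0),
    datetime(2024, 1, 1, 10, 5),   # inside the first window: resets the timer
    datetime(2024, 1, 1, 14, 0),
    datetime(2024, 1, 2, 9, 0),
]

if __name__ == "__main__":
    fired = scheduled_backups(SAMPLE_CHANGES)
    for mode in ("per_session", "per_day"):
        print(mode, [b.isoformat(" ") for b in retained_revisions(fired, mode)])
```

With Per Day selected, the 10:15 revision in this sample is not retained, so the state between the morning and afternoon changes cannot be restored or compared later.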

Upgrade

In Upgrade, you can see the current firmware version installed on the device, and update to newer stable versions if they are available. The upgrade path that FortiGate Cloud displays may differ from the upgrade path that FortiGuard displays.

To upgrade remote device firmware:

  1. Go to Management > Upgrade.
  2. Verify your device’s current firmware version in the upper left before continuing.
  3. If you are concerned about the effects of upgrading or have not upgraded recently, use the Upgrade Path Tool to ensure you are following the recommended upgrade path.
  4. It is recommended to back up your device’s configuration before upgrading, in Management > Backup or in the device’s management interface.
  5. Select an available firmware from the list, and select Upgrade. You can schedule a time and date to perform the remote upgrade. For example, you can schedule it during downtime to minimize disruption. A caution icon may also display to indicate that the upgrade path may not be supported.
  6. Wait for the upgrade to take effect.

Script

In Script, you can create and run script files on connected remote devices to check device status or get bulk configuration information quickly.

To execute a script on a remote device:

  1. Go to Management > Script.
  2. In the upper right, select Add Script.
  3. Enter a name and a description, and the CLI script content that you want to run. Each script is a series of CLI commands, one command per line. Click Submit.
  4. Click the Deploy icon, and select a time to automatically deploy the script to the device.
  5. To cancel the scheduled run, click the Cancel icon next to the scheduled time.
  6. FortiGate Cloud records that script’s output. You can read it by clicking View Result.

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
