Fortinet FortiGate ADOM
Details
Support: Level 5
Supported Versions: 4.3.6, 5.x, 6.0-6.4
Connecting to SIP
To use a Fortinet FortiGate ADOM management station, complete the following steps.
Step 1: Configure the Device
FireMon strives to provide up-to-date product information; however, we are not always aware when vendors change their device UI. If any Configure the Device procedure differs from your device version (UI location of fields, not information needed), please consult your device's user guide.
- On your FortiGate ADOM device, add an administrator user account. Write down the user name and password. You will need this information for a later step.
- Access System Settings > Admin > Administrators > Create.
- Enter a User Name and Password for the account.
- Select Super_User as the Admin Profile.
- Select All ADOMs for Administrative Domain.
- Select All Packages for Policy Package Access.
- Click OK.
- If using version 5.2.3 and above, the REST API permissions must be given at the administrator account level that SIP will use. Enter the following commands, replacing username with the user name used in step 1.b:
    config system admin user
    edit username
    set rpc-permit read
    end
- Enable access and allowable ports.
- Access System Settings > Network.
- Select the HTTPS, HTTP, PING, SSH, and Web Service check boxes for Administrative Access.
- Ports 8080 and 443 must be allowed. Port 8080 is used to access the API.
- Click OK.
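To confirm from a saved configuration that the account SIP uses carries the rpc-permit value set in the step above, a check like the following can be run. This is an added example, not FireMon or Fortinet code; the sample configuration is constructed, the account names are hypothetical, and treating a missing rpc-permit line as none is an assumption.

```python
import shlex

# Constructed sample of a "config system admin user" section (not from a real device).
SAMPLE_CONFIG = """\
config system admin user
    edit "admin"
        set rpc-permit read-write
    next
    edit "sip_collector"
        set rpc-permit read
    next
    edit "old_monitor"
    next
end
"""

def parse_admin_users(config_text):
    """Return {user name: {setting: value}} for the admin user section."""
    users, current, depth = {}, None, 0  # depth 0 = outside the section
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if depth == 0:
            if tokens == ["config", "system", "admin", "user"]:
                depth = 1
        elif tokens[0] == "config":
            depth += 1  # sub-table nested inside a user entry; its lines are skipped
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                current = None
        elif depth == 1:
            if tokens[0] == "edit" and len(tokens) == 2:
                current = users.setdefault(tokens[1], {})
            elif tokens[0] == "next":
                current = None
            elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
                current[tokens[1]] = " ".join(tokens[2:])
    return users

def audit_rpc_permit(config_text, sip_account):
    """Classify the rpc-permit setting of the account SIP logs in with."""
    user = parse_admin_users(config_text).get(sip_account)
    if user is None:
        return "missing-account"
    permit = user.get("rpc-permit", "none")  # assumption: no line means none
    if permit == "read":
        return "ok"  # matches the value this guide sets
    return "over-privileged" if permit == "read-write" else "api-disabled"
```

A result of over-privileged means the account has more API access than the read permission this procedure grants.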
Step 2: Onboard the Device in the Administration Module
- On the toolbar, click Device > Management Stations.
- Click Create, and then click Fortinet > FortiGate ADOM.
- General Properties section.
- In the Name box, type the name of the device as you want to see it in SIP.
- In the Description box, type an optional description of the device being added.
- In the Management IP Address box, type the IP address of the device.
- In the Data Collector Group box, select the IP address of the data collector group that will collect data from this device.
- In the Central Syslog Server box, select the syslog server from the list (optional).
Syslog fields are optional if the device uses the same IP for syslog and management.
A central syslog server is required only if syslog messages come from a different IP. A central syslog server must be created before it can be assigned to a device. To track usage via syslog, the device must support Level 3+.
- In the Syslog Match Names box, type the syslog match names (optional). You can enter multiple names separated by a comma.
- By default, the Automatically Retrieve Configuration check box is selected.
- In the External ID box, type a unique identifier to be used when the device identifier is different than what is displayed in SIP.
- For Collection Configuration, enable Update Rule Documentation on Member Devices to allow Rule Documentation fields on member devices to inherit a value from the management station. Any updates to the management station's Rule Documentation fields will override updates on the member device. A rule marked to be removed will not be updated.
- In the Device Settings section, the ADOM Name will be listed.
- Click Save.
- Devices being managed will be listed in the Discovered Devices section.