Transcription
DATA SHEETFortiManagerAvailable in:ApplianceVirtualMachineCloudFortiManager provides automation-driven centralizedmanagement of your Fortinet devices from a single console.This process enables full administration and visibility ofyour network devices through streamlined provisioning andinnovative automation tools.Integrated with the Fortinet Security Fabric advanced securityarchitecture and automation driven network operationscapabilities provide a solid foundation to secure and optimizeyour network security.Key FeaturesnnnnnSingle-Pane Management and Provisioning streamlines centralized policy andobject management and provisioning, automatic revision history and control, andenhanced role-based access control (RBAC) features for script management andIPS management with role separation.nFabric Automation simplifies the zero-touch provisioning (ZTP) deployment processfor SD-Branch (FortiGates and access devices) with powerful templates thatdirectly utilize meta-variables for scalable provisioning to thousands of sites.nMonitoring and Visibility for device inventory, applications, SD-WAN, LAN edge,management extension applications (MEAs), traffic, public cloud, and more.Centrally manage networkand security policies forthousands of FortiGate NGFWsand Secure SD-WAN plusFortiSwitches, FortiAP, andFortiExtender. Provide signatureupdates to FortiGate, FortiMail,FortiSandbox, and FortiClientGet centralized distribution ofsecurity content and signaturesthrough the use of the built-inFortiGuard moduleSimplify configuration,deployment, and maintenancefor Secure SD-WAN at scale.Accelerate FortiExtenderWireless WAN connectivity withcentralized management acrossdistributed sitesReduce complexity and costsby leveraging automated RESTAPI, scripts, connectors, andautomation stitchesAutomate workflows andconfigurations for Fortinetfirewalls, switches, and wirelessinfrastructureSeparate customer data andmanage domains leveragingADOMs to be compliant andoperationally effectiveHigh availability to automatebackups for up to five nodeswith streamlined software andsecurity updates for all manageddevices1
DATA SHEET FortiManagerFEATURE HIGHLIGHTSSingle Pane Management and ProvisioningDevice Configuration and ProvisioningFortiManager expands the network administrator’scapabilities with a rich set of tools to centrally manage up to100 000 devices including FortiGate NGFWs, FortiExtender,FortiSwitch switches, FortiAP access points, Fortinet SecureSD-WAN, and more.Collectively configure device settings using enhanced CLItemplates with variables, zero-touch provisioning templatesfor quick mass deployments, firmware version enforcementfor installs and upgrades, templates to assign policy packagesand policy and object revision history for auditing.Secure SD-WANFortiManager offers powerful SD-WAN managementcapabilities using intuitive workflows and simplifiedprovisioning at scale. Leverage application centric SD-WANbusiness policies to fine-tune traffic steering decisions basedon performance service level agreement (SLA) targets foreach WAN provider.Simplify and accelerate SD-WAN configuration on a globalscale with automated SD-WAN overlay provisioning. Utilizedevice blueprints for large SD-WAN deployments with supportto import CSV templates and assign meta-data variables.FortiManager includes extended SSL and certificate supportfor enhanced ssl-ssh-profile configuration, Restricted IPSAdmin Profiles to support transitioning and upgrading fromdedicated IPS solutions, custom commands on FortiSwitchand configuring MCLAG from the FortiSwitch Manager.Automated device configuration backups and revision controlmake daily administrative tasks easy. Track changes in theenhanced Event Log view for review of configuration updatesfor auditing and compliance.Security Policy and Objects ManagementFortiManager Policy and Objects views enable admins tocentrally manage and configure device policies, includingupdating network settings, antivirus definitions, intrusionprevention signatures, access rules, and software updates.The global policy feature allows MSSP and PaaS providers toapply ADOM level header/footer policies for updating all policypackages or select packages. Policy and Objects views nowinclude a revision history, providing an account of admins whohave made changes, change date, summary, and a mandatorychange notes field to capture change reason.Use the Secure SD-WAN reports and monitoring dashboardsto closely monitor application performance including metricsfor bandwidth, latency, jitter, and packet loss.Multi-Tenancy and Role-Based AdministrationFortiManager provides granular device and role-basedadministration and zero-trust multi-tenancy deployments forlarge enterprises and a hierarchical objects database for reuse of common configurations to serve multiple customers,for clear visibility of every device and user on the network.The per-policy lock feature allows admins to control the policychange by implicitly locking a policy rule when a policy ischanged. Admins can also group commonly used policies in apolicy block and insert in different Policy Packages.ADOMs (administrative domains) are used to manageindependent security environments, each with its ownsecurity policies and configuration database. The intuitive GUImakes it easy for admins to view, create, clone, and manageADOMs, define global Objects, Policies, and Security Profilesacross ADOMs, with Health Check to keep ADOMs in sync.Extend security policies across hybrid and multi-cloudenvironments, with common configuration assignments andpolicy packages for IPSec, BGP, CLI and SD-WAN rules.Assign IPS admin restricted user role, for users performingonly IPS related object config and install. Use per-admin UIbackground themes for unique visual associations.22
DATA SHEET FortiManagerFEATURE HIGHLIGHTSFortiManager High Availability (HA)Expanded Operations CapabilitiesFortiManager high availability (HA) provides enhancedreliability, data protection, redundancy, and operationalperformance to ensure agreed-upon uptime and availabilityrequirements are met, with option for dedicated interfacefor management of the individual cluster member. In theevent that the operating FortiManager unit fails, a backupFortiManager (one primary and up to four secondary) unitcan take the place of the failed unit, for seamless access todevices and business-critical network operations.Increase operational efficiencies with simplified andautomated provisioning and deployment of Fabric devices,using open Fabric APIs for new integrations and workflows.Fabric AutomationNetwork and Security Operations Visibility (NOC/SOC)FortiManager supports NOC-SOC workflows to assist networkteams in maintaining optimal performance. Automated dataexchanges between security (SOC) workflows and operational(NOC) workflows, create a single, complete workflow that notonly saves time, but also provides the capacity to completeadditional incident response activities.Utilize ZTNA rules and policies to enforce access control, andthe EMS connector to retrieve ZTNA tags or tag groups, andconfigure a ZTNA server and use the ZTNA tags in policies toenforce zero trust RBAC (role based access control).Make use of FortiSwitch multiple port selection configurationtemplates for effortless configuration of native and allowedvlans, security policies, QoS policies, and LLDP Profiles forsimplified LAN edge management.Use the IPS wizard with IPS sensor selections and IPStemplates for quick and easy creation and installation of IPSprofiles. Admins can use the IPS Signatures on-hold monitorfor a centralized view of all on-hold signatures, includingseverity, OS, application, on-hold dates, and more.Integration with FortiAnalyzer magnifies visibility withadvanced data visualization and analytics. This insighthelps analysts quickly connect-the-dots, identify threats,and simplify the expeditious configuration and security ofmanaged devices.Automation and ConnectorsUtilize automation and orchestration and optimize networkoperations with FortiManager through querying of FortiGateNGFWs and the Fortinet Security Fabric via applicationprogramming interfaces (APIs). This process will activelycollect and share network information and broaden end-toend visibility and response.FortiManager reduces complexity and cost by leveragingREST API, scripts, connectors, and FortiGate automationstitches to automate time-intensive processes and accelerateworkflows. This method helps NOC and SOC teams byreducing administrative tasks, and addressing talentshortages. Admins can automate common tasks such asprovisioning of FortiGate NGFWs and configuring new orexisting devices.Join the Fortinet Developer Network (FNDN) for exclusiveaccess to articles, how-to content for automation andcustomization, community-built tools, scripts, and samplecode.3Security Fabric and Third Party IntegrationFortiManager integrates with ITSM to seamlessly mitigatesecurity incidents and events, apply configuration changes,and update policies. Integration with FortiAnalyzer providesin-depth discovery, analysis, prioritization, and reporting ofnetwork security events.Use Fabric connectors to facilitate connections with thirdparty vendors such as vCenter, pxGrid, ClearPass, OCI, ESXi,AWS, and others to share and exchange data.The FortiManager workflow for audit and compliance enablesreview, approval, and auditing policy changes. These methodsinclude automating processes for policy compliance, policylifecycle management, and enforced workflow to reduce risk.
DATA SHEET FortiManagerFEATURE HIGHLIGHTSMonitoring and VisibilityNOC Cloud ServicesManage and Monitor with Deep VisibilityManagement ExtensionsThe FortiManager Device Manager provides full visibility,access, and management of Fortinet managed devices,interfaces, scripts, templates, automation, users, settings,and more. Install, edit, and delete policies. Monitor the healthof FortiGate devices through customizable dashboards andwidgets to see resource usage, network status of DHCP,IPsec and SSL VPN, routing, traffic shapers, and more.Easily navigate the hierarchical tree with categories formanaged devices, logging devices, unauthorized devices, andcustomize to display as a table, folder, or a map view.The Management Extensions pane allows rapid expansion ofthe single pane to manage more Security Fabric products.The built-in engine runs containerized management extensionapplications (MEAs) pulled from FortiGuard Labs ThreatIntelligence. FortiManager’s MEAs include one-click accessto modules for FortiAIOps, SD-WAN, FortiPortal, FortiWLM,FortiSigConverter, FortiAuthenticator, and FortiSOAR.Use Fabric View to check Security Fabric ratings andconfigurations of FortiGate devices or groups. Accessvital security and network statistics, as well as real-timemonitoring and topology information to provide visibility intonetwork and user activity. Add a FortiAnalyzer appliance orvirtual machine (VM) for powerful analytics and enhancedFabric view with asset and identity info, additional datamining, statistical analysis, and graphical reportingcapabilities.FortiManager includes a multitude of tools for simple andintuitive analysis of Fortinet firewalls, switches, access points,and more. Gain one-click access to MEAs like the FortiAIOpsextension, IPS Admin visibility into installed IPS configurationsand monitoring of IPS Diagnostics, and Device InventoryMonitor with device and user information, plus new columnselections to show FortiSwitch, FortiAP and SSID information.Dynamic Cloud SecurityFortinet cloud security and management solutions offerorganizations a PaaS-based delivery option for centralmanagement of FortiGate devices from a cloud-basedFortiManager.FortiManager Cloud provides an automation-driven andsingle pane-of-glass management capability that is easy-toimplement, easy-to-manage, flexible, and scalable.Use the single sign-on portal to manage Fortinet NGFW andSD-WAN. The built-in cloud-init service allows admins toeasily customize a prepared image of a virtual installation forKVM, AZURE, and AWS. FortiManager cloud-based networkmanagement helps organizations streamline FortiGateprovisioning with automation-enabled management ofFortinet devices.With the FortiCloud Premium subscription, customers caneasily enable the FortiManager Cloud service with theFortiAnalyzer Cloud with SOCaaS license, providing accessto manage a range of Fortinet solutions and services forsimplified network and security management. Customers caneasily access their FortiManager Cloud from their FortiCloudsingle sign-on portal.Trusted Platform Module (TPM) EncryptionFortiManager G Series features a dedicated micro-controllermodule that hardens physical networking appliances bygenerating, storing, and authenticating cryptographic keysin TPM. This hardware-based security mechanism protectsusers from malicious software and phishing attacks.44
DATA SHEET FortiManagerVIRTUAL OFFERINGSFortiManager Virtual MachinesFortiManager virtual machines are a virtual version of thehardware appliance and are designed to run on manyvirtualization platforms, offering all the latest features of theFortiManager appliance. They allow organizations to centrallymanage any number of Fortinet network security devicesand scale from several to thousands, supporting centralizedmanagement, best practices compliance, and automatedworkflows to deliver superior protection against threats.FortiManager-VMs are available in both a subscription andperpetual offering.FortiManager-VM-SThe new FortiManager-VM subscription license modelconsolidates the VM product SKU and the FortiCare SupportSKU into a single SKU to simplify the product purchase,upgrade, and renewal.The FortiManager-VM S Series SKUs come in stackablesubscriptions to manage 10, 100, and 1000 devices/ VDOMs.Multiple units of this SKU can be purchased at one time toincrease the number of devices/ VDOMs as needed. This SKUcan also be purchased with other FortiManager-VM-S SKUsto expand the total number of devices/ VDOMs.FortiManager-VMFortinet offers the FortiManager-VM in a stackable licensemodel. This software-based version of the FortiManagerhardware appliance is designed to run on many virtualizationplatforms, which allows you to expand your virtual solutionas your environment expands. The FortiManager virtualappliance family minimizes the effort required to monitorand maintain your network and offers all the features of theFortiManager hardware appliance.SPECIFICATIONSFORTIMANAGER VIRTUAL MG-VM-5000-UGCapacityDevices/VDOMs (Default)1, 310 100 1000 5000 Storage Capacity200 GB1 TB4 TB8 TBGB/ day of Logs2251025 ⃝ ⃝ ⃝ ⃝Chassis ManagementVirtual MachineHypervisor SupportvCPU Support (Minimum / Maximum)Up-to-date hypervisor support can be found in the release notes for each FortiManager version.Visit https://docs.fortinet.com/product/fortimanager/ and find the Release Information at the bottom section.Go to “Product Integration and Support” - “FortiManager [version] support” - “Virtualization”4 / UnlimitedNetwork Interface Support (Min / Max) 41/4Storage Support (Minimum / Maximum)100 GB / 16 TBMemory Support (Minimum / Maximum)8 GB / Unlimited for 64-bitHigh Availability Support1 Each virtual domain (VDOM) operating on a physical or virtual device counts as one (1) licensed network device.2 Storage capacity and GB/ day of logs are not stackable. These values represent the maximum available with purchased license.3 VM SKUs are stackable up to 100 000 Devices/VDOMs.4 VM supports up to 12 vNIC interfaces/ports. Applicable to 6.4.3 . Actual consumable numbers vary depending on cloud platforms.5Yes
DATA SHEET FortiManagerSPECIFICATIONSFORTIMANAGER APPLIANCESFMG-200GFMG-400GDevices/VDOMs (Default)130150Devices/VDOMs (Maximum)3——Sustained Log Rates5050GB/ day228 TB (2 x 4 TB)32 TB (8 x 4 TB)Capacity and PerformanceHardware SpecificationsStorage CapacityUsable Storage (after RAID)RAID Levels SupportedDefault RAID LevelHardware Form FactorTotal InterfacesConsole Port4 TB24 TBRAID 0/1RAID 0/1,1s/5,5s/6,6s/10/50/601501 RU Rackmount2 RU Rackmount4xRJ45 GE4 x GE RJ45, 2 x SFPRJ45RJ45Removable Hard DrivesNo ⃝Redundant Hot Swap Power Supplies ⃝* ⃝*Gen2 ⃝Trusted Platform Module (TPM) 2DimensionsHeight x Width x Length (inches)1.73 x 17.24 x 16.383.5 x 17.5 x 22.2Height x Width x Length (cm)4.4 x 43.8 x 41.68.8 x 44.5 x 56.5Weight22.5 lbs (10.2 kg)35.27 lbs (16 kg)EnvironmentAC Power Supply100-240V 50-60 Hz100–240V AC, 50-60 HzPower Consumption (Average / Maximum)90.1W / 99 W140 / 182 WHeat Dissipation337.8 BTU/h621 BTU/h32 –104 F (0 –40 C)32 –104 F (0 –40 C)Operating TemperatureStorage TemperatureHumidityOperating Altitude-13 –167ºF (-25 –75ºC)-4 –167 F (-20 –75 C)20% to 90% non-condensing5% to 95% non-condensingUp to 7400 ft (2250 m)Up to 7400 ft (2250 m)FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CBFCC Part 15 Class A, RCM, VCCI,CE, UL/cUL, CBComplianceSafety Certifications1 Each virtual domain (VDOM) operating on a physical or virtual device counts as one (1) licensed network device.Global policies and high availability support available on all models.2 Gen2 refers to hardware that has been upgraded since initial release.3 Devices/VDOMs maximum with device add-on license, if supported.* Optional redundant AC power supply, not included.66
DATA SHEET FortiManagerSPECIFICATIONSFORTIMANAGER APPLIANCESFMG-1000FFMG-3000GFMG-3700GCapacity and PerformanceDevices/VDOMs (Default)11000400010 000Devices/VDOMs (Maximum)3—8000100 000Sustained Log Rates50150150GB/ day2101032 TB (8x 4TB)64 TB (16 x 4TB)240TB (60x 4TB) HDD 19.2TB (6x 3.2TB)NVMe SSDHardware SpecificationsStorage CapacityUsable Storage (after RAID)RAID Levels SupportedDefault RAID Level24 TB56 TB224 TBRAID 0/1,1s/5,5s/6,6s/10/50/60RAID 0/1,1s/5,5s/6,6s/10/50/60RAID 0/1,1s/5,5s/6,6s/10/50/605050502 RU Rackmount3 RU Rackmount4 RU Rackmount2x RJ45 10GE ports, 2x SFP ports2 x GE RJ45 ports, 2x 25GE SFP282x 25GE SFP28, 2x 10GE RJ-45DB-9DB-9DB-9Removable Hard Drives ⃝ ⃝ ⃝Redundant Hot Swap Power Supplies ⃝ ⃝ ⃝Trusted Platform Module (TPM) 2NoNo ⃝Hardware Form FactorTotal InterfacesConsole PortDimensionsHeight x Width x Length (inches)3.5 x 17.2 x 25.65.2 x 17.2 x 25.57.0 x 17.2 x 30.2Height x Width x Length (cm)8.9 x 43.7 x 65.013.2 x 44.0 x 65.017.8 x 43.7 x 76.7Weight34 lbs (15.42 kg)65.5 lbs (30.15 kg)120 lbs (54.6 kg)100–240V AC, 50–60 Hz100-127V /10A, 200-240V /5A Hz2000W AC 4192.5W/275 W449W/541 W850/ 1423.4 WEnvironmentAC Power SupplyPower Consumption (Average / Maximum)Heat DissipationOperating TemperatureStorage TemperatureHumidityOperating Altitude920 BTU/h1846.5 BTU/h4858 BTU/h50 –95 F (10 –35 C)32 –104 F (0 –40 C)50 –95 F (10 –35 C)-40 –140 F (-40 –60 C)-40 –167 F (-20 –75 C)-40 –158 F (-40 –70 C)8% to 90% non-condensing5% to 95% non-condensing5% to 95% non-condensingUp to 7400 ft (2250 m)Up to 7400 ft (2250 m)Up to 7400 ft (2250 m)FCC Part 15 Class A, RCM, VCCI,CE, UL/cUL, CBFCC Part 15 Class A, RCM, VCCI, CE, BSMI,KC, UL/cUL, CB, GOSTFCC Part 15 Class A, RCM, VCCI, CE, BSMI,KC, UL/cUL, CB, GOSTComplianceSafety Certifications1 Each virtual domain (VDOM) operating on a physical or virtual device counts as one (1) licensed network device.Global policies and high availability support available on all models.2 Gen2 refers to hardware that has been upgraded since initial release.3 Devices/VDOMs maximum with device add-on license, if supported.4. 3700G must connect to a 200V - 240V power source.7
DATA SHEET FortiManagerORDER ription License withSupport and NFMG-200GCentralized management appliance — 4xRJ45 GE, 8 TB storage, up to 30x Fortinet devices/VDOMs.FMG-400GCentralized management appliance — 4 x GE RJ45, 2 x SFP, 32 TB storage, up to 150 Fortinet devices/VDOMs.FMG-1000FCentralized management appliance — 2x RJ45 10G, 2x SFP slots, 32 TB storage, up to 1000 Fortinetdevices/VDOMs.FMG-3000GCentralized management appliance — 2 x GbE RJ45 ports, 2x 25GbE SFP28, 64 TB storage, dual powersupplies, manages up to 4000 Fortinet devices/VDOMs.FMG-3700GCentralized management appliance — 2x 25GE SFP28, 2x 10GE RJ-45, 240 TB 19.2 TB storage, dualpower supplies, manages up to 10 000 Fortinet devices/VDOMs.FC1-10-FMGVS-448-01-DDSubscription license for 10 devices/VDOMs managed by FortiManager-VM S series. 24x7 FortiCare supportplus FortiCare Best Practice services included.FC2-10-FMGVS-448-01-DDSubscription license for 100 devices/VDOMs managed by FortiManager-VM S series. 24x7 FortiCare supportplus FortiCare Best Practice services included.FC3-10-FMGVS-448-01-DDSubscription license for 1000 devices/VDOMs managed by FortiManager-VM S series. 24x7 FortiCaresupport plus FortiCare Best Practice services included.FMG-VM-10-UGUpgrade license for adding 10 Fortinet devices/VDOMs; allows for total of 2 GB/ day of logs and 200 GBstorage capacity.FMG-VM-100-UGUpgrade license for adding 100 Fortinet devices/VDOMs; allows for total of 5 GB/ day of logs and 1 TBstorage capacity.FMG-VM-1000-UGUpgrade license for adding 1000 Fortinet devices/VDOMs; allows for total of 10 GB/ day of logs and 4 TBstorage capacity.FMG-VM-5000-UGUpgrade license for adding 5000 Fortinet devices/VDOMs; allows for total of 25 GB/ day of logs and 8 TBstorage capacity.FC-10- [FortiGate Model Code]-179-02-DDCloud-based central management and orchestration service for FortiGate.FC-10- [FortiGate VM Model Code]-179-02-DDCloud-based central management and orchestration service for FortiGate.FC1-10-MVCLD-227-01-DDSubscription for 10 devices/VDOMs managed by FortiManager Cloud. 24x7 FortiCare support included.FC2-10-MVCLD-227-01-DDSubscription for 100 devices/VDOMs managed by FortiManager Cloud. 24x7 FortiCare contract is included.FC3-10-MVCLD-227-01-DDSubscription for 1000 devices/VDOMs managed by FortiManager Cloud. 24x7 FortiCare support included.Hardware BundleFMG-[Hardware Model]-BDL-447-DDHardware plus 24x7 FortiCare and FortiCare Best Practice Service.FortiManager DeviceUpgrade LicenseFMG-DEV-100-UGFortiManager device upgrade license for adding 100 Fortinet devices/VDOMs(3000 series and above - hardware only).* Requires FortiCloud Premium Account licenseNOTE:For hardware models, the default number of ADOMs can be found in the Release Notes on docs.fortinet.comFor FortiManager-VM Subscription licenses for 5 ADOMs are included. Additional ADOMs can be purchased.www.fortinet.comCopyright 2022 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other productor company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and otherconditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaserthat expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, anysuch warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwiserevise this publication without notice, and the most current version of the publication shall be applicable.Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you will not useFortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including those involving censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet /assets/legal/EULA.pdf) and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy i/19775/Whistleblower Policy.pdf).FMG-DAT-R72-20220513
FortiManager Cloud provides an automation-driven and single pane-of-glass management capability that is easy-to-implement, easy-to-manage, flexible, and scalable. Use the single sign-on portal to manage Fortinet NGFW and SD-WAN. The built-in cloud-init service allows admins to easily customize a prepared image of a virtual installation for
