
Managing Devices

Adding Devices

- The device is identified and its configuration imported into the device database
- Organize devices into groups to simplify management
- Secure exchange of information between devices and the FortiManager system

Adding Device from FortiGate Unit

- Used when the FortiManager system is on a public network but the FortiGate unit is behind a firewall
- The FortiGate unit will be listed in the FortiManager system as an unregistered device
- Complete the process in FortiManager Web Config

Adding Devices

- Add a single device or add multiple devices at the same time
- Auto Discover is the default when adding multiple devices
- Unregistered devices have already been discovered; they only need to be moved from the unregistered list to the registered device list

FortiGate to FortiManager (FGFM) Protocol

- Discovery is initiated in whichever direction the devices can locate one another, for example from a device sitting behind a firewall
- A communication channel is created using the FGFM protocol to secure the transfer
- Internal tunnel IP addresses are used (link-local addressing, 169.254.0.0/16)
- FortiGate units maintain a list of trusted FortiManager devices

FortiGate to FortiManager (FGFM) Protocol

- Designed for FortiGate and FortiManager deployment scenarios, especially where NAT is used:
  - FortiManager system is on the public internet, FortiGate unit is behind NAT
  - FortiGate unit is on the public internet, FortiManager system is behind NAT
  - Both the FortiManager system and the FortiGate unit have routable IP addresses
  - Mixed scenarios of the above

FortiGate to FortiManager (FGFM) Protocol

On the FortiGate unit:

    get system central-management
    status: enable
    mode: normal
    type: fortimanager
    schedule-config-restore: enable
    schedule-script-restore: enable
    allow-push-configuration: enable
    allow-push-firmware: enable
    allow-remote-firmware-upgrade: enable
    allow-monitor: enable
    serial-number: "FMG-3K2404200056"
    fmg: 172.18.3.36
    fmg-source-ip: 0.0.0.0
    vdom: root
    enc-algorithm: default

serial-number is the serial of the FortiManager this unit trusts, and fmg is its address. enc-algorithm selects the cipher strength of the FGFM tunnel (default, high or low); default accepts both strong and weak ciphers, so high is the setting to prefer where both ends support it.
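The following is an added example, not Fortinet code or anything from the original slides. It parses the key/value text that get system central-management prints (the sample below is constructed to mirror the output above) and reports the settings that matter for the FGFM trust relationship: whether a FortiManager is configured, whether the unit is pinned to a FortiManager serial number, and whether enc-algorithm is set to high. The WARN/INFO wording and the function names are the example's own choices.

```python
"""Audit the output of `get system central-management` on a FortiGate.

Added example (not Fortinet code). The key/value format and the option
names follow the FortiOS CLI output shown on the page.
"""
import re
from typing import Dict, List

# Constructed sample mirroring the command output on the page.
SAMPLE_OUTPUT = """\
status: enable
mode: normal
type: fortimanager
schedule-config-restore: enable
schedule-script-restore: enable
allow-push-configuration: enable
allow-push-firmware: enable
allow-remote-firmware-upgrade: enable
allow-monitor: enable
serial-number: "FMG-3K2404200056"
fmg: 172.18.3.36
fmg-source-ip: 0.0.0.0
vdom: root
enc-algorithm: default
"""

# One `key: value` pair per line; keys may contain hyphens.
LINE_RE = re.compile(r'^\s*([\w-]+)\s*:\s*(.*?)\s*$')


def parse_central_management(text: str) -> Dict[str, str]:
    """Turn the command output into a dict, stripping quotes around strings."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            key, value = m.groups()
            settings[key] = value.strip('"')
    return settings


def audit_central_management(settings: Dict[str, str]) -> List[str]:
    """Return WARN/INFO findings; an empty list means nothing to flag."""
    findings: List[str] = []
    if settings.get('status') != 'enable' or settings.get('type') != 'fortimanager':
        findings.append('WARN: central management by FortiManager is not enabled on this unit')
        return findings
    if settings.get('fmg', '') in ('', '0.0.0.0'):
        findings.append('WARN: no FortiManager address (fmg) is configured')
    # The serial number is the unit's pin to one trusted FortiManager.
    if not settings.get('serial-number'):
        findings.append('WARN: serial-number is empty, so the unit is not pinned to one trusted FortiManager')
    # 'default' allows both strong and weak ciphers on the FGFM tunnel.
    enc = settings.get('enc-algorithm', 'default')
    if enc != 'high':
        findings.append(f"WARN: enc-algorithm is '{enc}'; 'high' limits the FGFM tunnel to strong ciphers")
    # 0.0.0.0 means the source address is picked by route lookup rather than pinned.
    if settings.get('fmg-source-ip', '0.0.0.0') == '0.0.0.0':
        findings.append('INFO: fmg-source-ip is unset; the source address is chosen by route lookup')
    return findings


if __name__ == '__main__':
    for finding in audit_central_management(parse_central_management(SAMPLE_OUTPUT)):
        print(finding)
```

On a real unit, paste the output of get system central-management into SAMPLE_OUTPUT (or read it from a file) and run the script; a hardened unit with enc-algorithm high and an explicit fmg-source-ip produces no findings.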

FortiGate to FortiManager (FGFM) Protocol

On the FortiManager unit:

    diagnose debug enable
    diagnose fgfm session-list
    Session List
    device()ip(0.0.0.0)tunnel(0.0.0.0)uptime:
    device(FGT60C3G10004267)ip(172.20.181.12)tunnel(169.254.0.2)uptime:Mon Aug 29 09:35:22 2011

Each entry shows the managed device serial, its real IP address, its link-local tunnel address and the time the session came up; an entry with an empty device() and 0.0.0.0 addresses carries no active session.

FortiGate to FortiManager (FGFM) Protocol

Debugging the FortiGate-to-FortiManager communication protocol

On the FortiManager device:

    diagnose debug application fgfmsd 255
    diagnose sniffer packet xxx 'port 541'
    diagnose fgfm session-list
    diagnose fgfm object-list
    diagnose fmnetwork interface list

On the FortiGate unit:

    diagnose debug application fgfmd -1
    diagnose sniffer packet xxx 'port 541'

xxx is the name of the interface to capture on; FGFM runs over TCP port 541. Application debug output is only printed after diagnose debug enable, so run diagnose debug disable on both units when finished.

FortiGate to FortiManager (FGFM) Protocol

diagnose fmnetwork interface list

    svr_fgfm  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:169.254.0.1  P-t-P:169.254.0.1  Mask:255.255.0.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:35133 errors:0 dropped:0 overruns:0 frame:0
              TX packets:34866 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:8578867 (8.1 MiB)  TX bytes:3642787 (3.4 MiB)

svr_fgfm is the FortiManager end of the FGFM tunnels: 169.254.0.1 with a /16 mask, which is the link-local network the tunnel addresses in the session list (169.254.0.2 above) belong to.
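The following is an added example, not Fortinet code or part of the original slides. It ties together the two FortiManager-side diagnostics shown above: it parses the diagnose fgfm session-list output and the diagnose fmnetwork interface list output (both samples below are constructed to mirror the page), skips empty session slots, and checks that every tunnel endpoint falls inside the link-local network of the svr_fgfm interface. The regexes are written against the formats shown on the page; the function names and the extra bad session in the test are the example's own.

```python
"""Cross-check FGFM session tunnel addresses against the svr_fgfm interface.

Added example (not Fortinet code). Input formats follow the output of
`diagnose fgfm session-list` and `diagnose fmnetwork interface list`
shown on the page.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed samples mirroring the diagnostic output on the page.
SESSION_LIST = """\
Session List
device()ip(0.0.0.0)tunnel(0.0.0.0)uptime:
device(FGT60C3G10004267)ip(172.20.181.12)tunnel(169.254.0.2)uptime:Mon Aug 29 09:35:22 2011
"""

INTERFACE_LIST = """\
svr_fgfm  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:169.254.0.1  P-t-P:169.254.0.1  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:35133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34866 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:8578867 (8.1 MiB)  TX bytes:3642787 (3.4 MiB)
"""

SESSION_RE = re.compile(r'device\(([^)]*)\)ip\(([^)]*)\)tunnel\(([^)]*)\)uptime:(.*)')
ADDR_RE = re.compile(r'inet addr:(\d+\.\d+\.\d+\.\d+)')
MASK_RE = re.compile(r'Mask:(\d+\.\d+\.\d+\.\d+)')
LINK_LOCAL = ipaddress.ip_network('169.254.0.0/16')


def parse_session_list(text: str) -> List[Dict[str, str]]:
    """One dict per established session; slots with no device are skipped."""
    sessions = []
    for line in text.splitlines():
        m = SESSION_RE.search(line)
        if not m:
            continue
        device, ip, tunnel, uptime = (s.strip() for s in m.groups())
        if not device or tunnel == '0.0.0.0':
            continue
        sessions.append({'device': device, 'ip': ip, 'tunnel': tunnel, 'uptime': uptime})
    return sessions


def parse_interface_list(text: str) -> Dict[str, Dict[str, str]]:
    """Map interface name -> {'addr', 'mask'} from ifconfig-style output."""
    ifaces: Dict[str, Dict[str, str]] = {}
    name = None
    for line in text.splitlines():
        if line and not line[0].isspace():      # a new interface block starts unindented
            name = line.split()[0]
            ifaces.setdefault(name, {})
        if name is None:
            continue
        m = ADDR_RE.search(line)
        if m:
            ifaces[name]['addr'] = m.group(1)
        m = MASK_RE.search(line)
        if m:
            ifaces[name]['mask'] = m.group(1)
    return ifaces


def check_tunnels(session_text: str, interface_text: str,
                  server_iface: str = 'svr_fgfm') -> List[Dict[str, object]]:
    """Flag each session whose tunnel address is outside the server's tunnel network."""
    srv = parse_interface_list(interface_text).get(server_iface, {})
    if 'addr' not in srv or 'mask' not in srv:
        raise ValueError(f'{server_iface} has no inet address in the interface list')
    tunnel_net = ipaddress.ip_network(f"{srv['addr']}/{srv['mask']}", strict=False)
    server_addr = ipaddress.ip_address(srv['addr'])
    verdicts = []
    for session in parse_session_list(session_text):
        t = ipaddress.ip_address(session['tunnel'])
        ok = t in tunnel_net and t in LINK_LOCAL and t != server_addr
        verdicts.append({**session, 'ok': ok})
    return verdicts


if __name__ == '__main__':
    for v in check_tunnels(SESSION_LIST, INTERFACE_LIST):
        print(('OK  ' if v['ok'] else 'BAD ') + v['device'], v['ip'], '->', v['tunnel'])
```

A tunnel address outside 169.254.0.0/16, or outside the svr_fgfm network, is worth a closer look in the fgfmsd debug output, since it does not match the link-local addressing the FGFM tunnel is expected to use.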

Configuring Devices

- Devices are configured using Device Manager
- The configuration interface is similar to the FortiGate Web Config
- Configuration changes are saved and can be applied to all or selected devices

Configuration Status

Installing Configuration Changes

Monitoring Tasks

Revision History - Device Manager

- Retrieve the current device config as a new revision and load it into the device database
- Rename and add comments
- View configuration file
- Import a device configuration file
- Diff
- Delete
- Revert

Revision History - Device Manager

From the CLI the revision history can be queried with execute dmserver:

    execute dmserver delrev       (delete all revisions)
    execute dmserver revlist      (show the revision list of the specified device)
    execute dmserver showconfig   (display the configuration of the specified device)
    execute dmserver showdev      (display devices)
    execute dmserver showrev      (show a revision's configuration)

delrev removes every stored revision, so take a backup before using it.

Device Configuration Objects

- Configurable policy and device settings are represented by objects
- Provides a centralized location where configurations and settings can be identified and copied to the Device Database

Dynamic Objects in GMS Mode

- Objects that may vary from one device to another can be configured as dynamic objects and mapped to individual devices:
  - Interfaces
  - Firewall addresses
  - Dynamic NAT configuration
- Dynamic objects are selected when policies are created in the Policy Console
- There are no dynamic objects in EMS mode
