FortiManager Instructor

Guide
for FortiManager 6.2
Fortinet Training
http://www.fortinet.com/training

Fortinet Document Library
http://docs.fortinet.com

Fortinet Knowledge Base
http://kb.fortinet.com

Fortinet Forums
https://forum.fortinet.com

Fortinet Support
https://support.fortinet.com 

FortiGuard Labs
http://www.fortiguard.com

Fortinet Network Security Expert Program (NSE)

https://www.fortinet.com/support-and-training/training/network-security-expert-program.html

Feedback
Email: courseware@fortinet.com

6/27/2019
TABLE OF CONTENTS

Product Version 4
What’s New from 6.0 to 6.2 5
General Changes 5
Changes in Lessons 5
Lesson 1 - Introduction and Initial Configuration 5
Lesson 2 - Administration and Management 5
Lesson 3 - Device Registration 5
Lesson 4 - Device Level Configuration and Installation 5
Lesson 6 - SD-WAN and Security Fabric 5
Lesson 7 - Diagnostics and Troubleshooting 6
Known Issues 7
Materials and System Requirements 8
Class Size 9
Lab Setup 10
Prerequisite Configuration Objects 10
Time to Complete 12
Product Version

FortiManager 6.2

4 FortiManager 6.2 Instructor Guide

Fortinet Technologies Inc.
What’s New from 6.0 to 6.2

This section highlights some of the key changes in this update of the FortiManager course.

General Changes

Advanced Configuration lesson has been renamed to SD-WAN and Security Fabric.

Changes in Lessons

This section provides details about changes and new feature information added to specific lessons.

Lesson 1 - Introduction and Initial Configuration

l FortiClient manage pane is removed from 6.2 ADOM.
l NOC-SOC now called SOC
l TELNET option is no longer available for admin access

Lesson 2 - Administration and Management

l Supported ADOM version, ADOM 6.0 currently can not support FortiOS 6.2
l Wildcard check box option for LDAP remote admin changed to match all users

Lesson 3 - Device Registration

l Unregistered /Registered device now called unauthorized /authorized device
l Device manager map view added, now you can configure device location and view on map view

Lesson 4 - Device Level Configuration and Installation

l Install config feature renamed to quick install
l Device must added with proper FortiOS admin credentials when using TCL scripts

Lesson 6 - SD-WAN and Security Fabric

l Security Fabric physical and logical topology views are available on FortiManager 6.2
l Security Fabric deployment from FortiManager (in 6.0 course, configure on FortiGate and then added to the
FortiManager)

FortiManager 6.2 Instructor Guide 5

Fortinet Technologies Inc.
 Changes in Lessons What’s New from 6.0 to 6.2

Lesson 7 - Diagnostics and Troubleshooting

l Registering from FortiGate through CLI will fail on FortiManager version 6.0 or higher, when the non-default admin
account is used
l When replacing a FortiGate cluster member, FortiManager will learn the new serial number through the FGFM
tunnel

6 FortiManager 6.2 Instructor Guide

Fortinet Technologies Inc.
Known Issues

Some of the labs are using workarounds to avoid these issues.

Description Bug ID

System settings edit admin, adom list, if you select ADOM and directly click OK, ADOM 0550856
list will still show in main page

Unable to assign provisioning template as a standard user with specific ADOM 0556334

FortiManager is unsetting the reliable option for FortiAnalyzer log settings 0521379

Installation History icon / link missing in task monitor for install device settings 0504421

FortiManager 6.2 Instructor Guide 7

Fortinet Technologies Inc.
Materials and System Requirements

Prior to teaching this lesson, gather the materials.

This course has both on-location (classroom) and online versions.

In the on-location version, you probably will be teaching most or all of the lessons. (Each lesson is a subject-
specific lesson.)

If you teach the online version of this class, you may be teaching one or all of the lessons. To access online
content, students must have a computer with:

l High-speed Internet connection

l Up-to-date web browser
l PDF viewer
l Speakers or headphones
l (For online labs) Up-to-date Java runtime environment (JRE) with Java plugin enabled in the browser or HTML 5
support
Wi-Fi is not recommended due to packet loss. Firewalls (including FortiClient and Windows Firewall) must
allow connections with the virtual lab.
Students must be able to reach both the virtual lab hosted by CloudShare (connectivity details are in the Lab
Guide) and the NSE Institute (https://training.fortinet.com). On the NSE Institute, students can download a copy
of the Lab Guide for labs and Study Guide for exam preparation. They may also be able to view an alternative
video of the presentation.

Item Amount

Instructor Guide 1 per class

(this document)

Presentation Slides for Instructor 1 per class

Study Guide* 1 per student

(presentation slides and slide notes)

Lab Guide*
1 per student
(lab instructions)

Virtual Lab Environment 1 per student

(VM licenses and FortiGuard services included)

Student Name Tent (optional) 1 per student

* The Lab Guide and Study Guide are ordered as a bundle (kit) from Gilmore.

8 FortiManager 6.2 Instructor Guide

Fortinet Technologies Inc.
 Materials and System Requirements Class Size

Class Size

Ideally, teach this course in a small classroom with no more than 12 people. Larger groups are possible
depending on the instructor’s preference. Smaller groups, however, will limit class discussion.

FortiManager 6.2 Instructor Guide 9

Fortinet Technologies Inc.
Lab Setup

VMs in the virtual lab are running FortiManager 6.2

Topology is in the Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 6.2, and the Lab
Guide.

Prerequisite Configuration Objects

If a specific configuration is required on any of the VMs prior to starting a specific lab, the lab will include a
"Prerequisites" section. This section explains what configuration file to upload to which VM.

In addition, each lab includes a "solutions" configuration file. This file includes the completed configuration for
any given lab. This is useful in case the student does not have enough time to finish the lab or they are
experiencing difficultly.

FortiManager initial config is available from Local-Windows desktop under Resources/Initial-

Configuration.

All other available resources are available from the Local-Windows desktop under
Resources/FortiManager:

Lab Initial Configuration Solution Configuration

1: Introduction and Initial /Introduction/ N/A

Configuration
Local-FortiGate:
Local-initial

Remote-FortiGate:
Remote-initial

/LAB2-Solution/

FortiManager:
2: Administration and
N/A FMG-Lab2-Solution
Management
Local-FortiGate-Lab2-Solution

Remote-FortiGate-Lab2-Solution

3: Device Registration N/A /LAB3-Solution/

FMG-Lab3-Solution

Local-FortiGate-Lab3-Solution

Remote-FortiGate-Lab3-Solution

10 FortiManager 6.2 Instructor Guide

Fortinet Technologies Inc.
Lab Setup Prerequisite Configuration Objects

Lab Initial Configuration Solution Configuration

Local-Script, Remote-Script
/LAB4-Solution/

4: Device-Config N/A FMG-Lab4-Solution

Local-FortiGate-Lab4-Solution

Remote-FortiGate-Lab4-Solution

5: Policy N/A /LAB5-Solution/

FMG-Lab5-Solution

Local-FortiGate-Lab5-Solution

Remote-FortiGate-Lab5-Solution

/SD-WAN and Security

Fabric/

Local-FortiGate: /LAB6-Solution/
Local-sd-wan FMG-Lab6-Solution
6: SD-WAN and Security
Fabric Remote-FortiGate: Local-FortiGate-Lab6-Solution
Remote-sd-wan Remote-FortiGate-Lab6-Solution
FortiManager:
FMG-sd-wan

7:Diagnostics and /Troubleshooting/ /LAB7-Solution/

Troubleshooting
Local-FortiGate: FMG-Lab7-Solution

Local-diag Local-FortiGate-Lab7-Solution

Remote-FortiGate: Remote-FortiGate-Lab7-Solution
Remote-diag

FortiManager:
FMG-diag

8:Additional FGT_VM64-v6-build0909-
N/A
Configuration FORTINET

FortiManager 6.2 Instructor Guide 11

Fortinet Technologies Inc.
Time to Complete

Schedule and time required to complete each lesson may vary by region or expertise of the students. Whether the
course is described as 1-day or 2-day, for example, assume 7 hours of classroom time per day, allowing 1 hour for
breaks.

Avoid lectures longer than 30 minutes. Break lessons into 2 segments if necessary. This accommodates
emergency phone calls, bathroom breaks, snacks for diabetics, etc. and won’t tax students’ attention spans.

Lesson Estimated Time

Introduction and Initial Configuration Lecture: 45 minutes

Lab (if purchased): 20 minutes

Total: 65 minutes

Lecture: 55 minutes

Administration and Management Lab (if purchased): 45 minutes

Total: 100 minutes

Device Registration Lecture: 45 minutes

Lab (if purchased): 30 minutes

Total: 75 minutes

Lecture: 65 minutes
Device Level Configuration and Installation
Lab (if purchased): 70 minutes

Total: 135 minutes

Policy and Objects Lecture: 65 minutes

Lab (if purchased): 60 minutes

Total: 125 minutes

Lecture: 40 minutes
SD-WAN and Security Fabric
Lab (if purchased): 40 minutes

Total: 80 minutes

Diagnostics and Troubleshooting Lecture: 55 minutes

Lab (if purchased): 30 minutes

Total: 85 minutes

12 FortiManager 6.2 Instructor Guide

Fortinet Technologies Inc.
Time to Complete

Lesson Estimated Time

Lecture: 60 minutes
Additional Configuration
Lab (if purchased): 15 minutes

Total: 75 minutes

Total Approximately 740 minutes (12 hours, 20 minutes)

FortiManager 6.2 Instructor Guide 13

Fortinet Technologies Inc.
No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright© 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.