Fortinet FortiManager: What It Is and How It Simplifies Firewall Management

Quick Answer: Fortinet FortiManager is a centralized management platform that lets you configure, monitor, and control multiple FortiGate firewalls from a single interface. It automates policy deployment across your network and simplifies firewall administration for organizations that manage multiple security devices.

Managing just a handful of firewalls isn’t too bad. You log into each one, make your changes, and that’s it. But what happens if you’re responsible for dozens, or even hundreds, of FortiGate firewalls across multiple sites?

FortiManager is the tool you need if you have a large device footprint, as it simplifies the management process significantly compared to manual steps. Say goodbye to logging into individual devices to push new changes and to configuration drift between your different sites. 

If you are working with Fortinet at any scale, then you need to understand what FortiManager does and how it fits into your network. It will save you hours of repetitive work and make the job of Fortinet management a seamless experience.

What is Fortinet FortiManager?

FortiManager is Fortinet’s centralized management system for FortiGate firewalls and other Fortinet security devices. It's like your command center for all your firewall operations.

It has three main jobs:

• It manages configurations on all your FortiGate devices. 

• It automates policy deployment so you don't have to manually configure each firewall individually.

• It keeps devices consistent across your infrastructure.

Network admins and security teams lean on FortiManager when they’re dealing with multiple FortiGate firewall devices on a network. Single firewalls are usually quite easy to maintain and configure because you only have to configure one device. When you start approaching 10, 20, or 50 devices, then manual management becomes a nightmare. 

FortiManager lets your network scale without the administrative headaches. Create a single security policy once and then push it to all devices that require it. You can update firmware on multiple devices and track changes from a single location—there are no more manual logins once you start using FortiManager. 

It runs either as a physical appliance, a virtual machine, or in the cloud—your setup will depend on your environment and the number of devices you need to manage.  

How Does FortiManager Fit into the Fortinet Ecosystem?

FortiManager doesn’t work on its own; it's part of Fortinet’s security fabric architecture, which connects all of your Fortinet products. FortiGate firewalls are a good example of devices that FortiManager integrates with, but it also connects to:

• FortiSwitch 

• FortiAP (access points) 

• FortiExtender

• FortiSASE (Secure Access Service Edge) 

• FortiDDoS 

• FortiSandbox 

• FortiMail 

• FortiWeb 

FortiManager instructs the firewalls on which enforcement policies to use, so when you push a policy down into the network, all devices that require the update will receive it after you send it. FortiManager offers basic logging and alerting capabilities, and it also integrates with FortiAnalyzer. FortiAnalyzer provides enhanced visibility into network events and potential threats, working in conjunction with FortiManager.

FortiManager integrates with Fortinet’s security services, giving you control over threat intelligence updates, application control databases, and security updates. It also features integrations with over 500 third-party tools, providing orchestration functionality with ITSM platforms, such as ServiceNow.

What are the Key Features of FortiManager?

FortiManager has a lot going on under the hood, so it packs a lot of functionality into its interface. Below are some of the features you will encounter for daily tasks and operations.

Centralized Policy Management

As we’ve briefly touched on, you can create security policies once and then deploy them to multiple devices. You can block a newly discovered threat across all your devices by deploying a single policy update, eliminating the need for copy/paste and logging in frantically to vulnerable devices.

Device Configuration Templates

Templates provide a standardized configuration that can be applied to multiple FortiGate devices. You set up a baseline configuration and then send it out to all of your locations, usually within minutes. If you ever need to make changes, you simply update your template and then push it out again.

Automated Firmware Management

Firmware updates are never fun, especially when they involve multiple locations. FortiManager automates the entire process by allowing you to schedule updates, stage them for testing, or roll them out to your entire network. It tracks all devices and identifies which ones need to be updated, then handles the deployment for you. It also handles staging updates in a test environment with rollback options in case of deployment problems.

Zero-Touch Provisioning and SD-WAN Orchestration

You can deploy new devices faster with pre-built templates, which reduces setup time for complex SD-WAN, SD-Branch, and hybrid environments. 

Change Management and Approval Workflows

It’s not always smart to push updates to your network without first conducting some form of testing or validation. Approval processes are a wise addition to any rollout procedure, and it is essential to ensure the rest of the business is aware of any changes that could disrupt operations before they are implemented. Logs are kept when a change has been approved and rolled out, detailing who made the change and when. 

Multi-Tenant Support

If you manage devices for different customers or divisions, then you’ll be happy to note that FortiManager supports multiple tenants. Multi-tenant support is handled through Administrative Domains (ADOMs), which create isolated management spaces, ensuring there is no risk of accidentally pushing a policy to the wrong network. 

Script Automation

If you don’t enjoy repetitive work, then scripting is probably something you already use. FortiManager features scripting capabilities that transform tedious tasks into straightforward operations. You can automate configuration changes, get reporting data, or create custom workflows that take the mundane repetition out of your workday. 

Backup and Restore

FortiManager backs up your device configurations automatically. When a device unexpectedly fails, you can quickly restore your last backup to the replacement unit without having to manually recreate the rules for that site.

How Does FortiManager Simplify Firewall Management?

Manually managing firewalls is a lot of repetitive work, and if you only have a few devices, then that might not be a deal breaker for you. The challenge is when your network scales up.

FortiManager does away with repetitive work by letting you make changes once and then deploy those changes at scale. This allows you to set security policies and update firmware from a central application.

Configuration drift occurs when devices that should be updated are either overlooked or their configurations are slightly off, and no longer adhere to the established plan. These inconsistencies accumulate over time and create security issues if they aren’t corrected. FortiManager maintains consistency by managing devices from a single source of truth.

It has approval workflows that ensure that whoever is pushing updates has their changes reviewed first, catching errors before they cause issues or outages.

What are the Main Benefits for IT Teams?

The time savings alone make FortiManager worth it, even when you factor in the initial setup, training, and licensing costs. You can complete tasks in a few minutes that would have taken hours to do manually. Complex updates and changes can be made in a few clicks, eliminating the need to log into 50 different devices and repeat the same steps multiple times. 

Keeping your policies consistent makes your environment more secure, which in turn improves your overall security posture. When all of your firewalls follow the same baseline configuration, you eliminate gaps in your security. All the same rules apply to each device, giving you a uniform defense with no exceptions.

Audit compliance is another win for FortiManager. It logs every change with timestamps and user information, so when auditors have questions, you have detailed answers. The logs are all accessible from within FortiManager, so again, you don’t need to hunt for logs from different devices—it’s all available from the same interface.

Onboarding new team members gets easier when all they have to learn about your environment is that you use FortiManager for firewall configurations. Instead of teaching a new employee how to log into each device manually, they have complete visibility over the network and can start learning about how your systems need to be configured, and not how to log into each one.

Hardware failures cause serious disruptions. FortiManager helps minimize these disruptions by automatically backing up device configurations. When a unit needs to be replaced, simply connect it and restore the previous unit’s configuration, and you’re back online in no time.

When Should You Consider Using FortiManager?

Very small environments may not be able to justify the added costs and initial setup complexity of using FortiManager, unless there are frequent changes taking place daily. If you have multiple sites with FortiGate firewalls, then FortiManager makes it easy to maintain a consistent security policy across the entire organization. 

If you manage multiple customers running FortiGate firewalls as a managed service provider (MSP), then FortiManager’s multi-tenancy features are a game-changer. It provides a clean separation between customer environments, reducing the likelihood of making changes to the wrong customer’s equipment, which would be awkward.

Even in a smaller setup with fewer firewalls, you can still benefit from FortiManager. If you are in a high-change period where new rules are being added and removed daily, then the built-in automation can save you a significant amount of time. 

Lastly, if you are growing your current Fortinet footprint and expanding to new locations, then start with FortiManager as soon as possible. This makes new device setups a breeze, and it makes more sense to start with it from the beginning, rather than adding it after you have done all the hard manual work for new devices.

Conclusion

FortiManager lets you move away from manual, one-device-at-a-time operations, into a centralized, streamlined workflow. It’ll save you time, cut down on errors, and keep your security policies consistent across your whole network.

If you are responsible for managing multiple Fortinet environments, FortiManager is the ideal solution to stay in control and scale up as your infrastructure grows. 

Want to learn more about managing Fortinet environments? The FortiManager Administrator online training covers everything from basic setup to advanced automation techniques.

Not a CBT Nuggets subscriber? Sign up for a free 7-day trial.