Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

debabratamajhi
New Contributor

Created on ‎08-19-2020 03:43 AM

Best practice approach to mange fortigate with fortimanager

Hello

How to manage  more than 150 FW with a  global policy template for most of the FW and use a 'per FW policy' only when FW has some specificity with best best practice approach through fortimanager

FW is located across different location   

Like two ADOM, one for Global Policy and One for Per FW -Seeking help ,Idea 


Do we need any  fortinate tool to mange compliance in terms of security threat and other service in fortigate Firewalls.

Thanks in advance
Labels:
540
0 Kudos
1 REPLY 1
RobertEvans
New Contributor III

Created on ‎08-20-2020 08:29 AM

ADOM is an administrative domain, or a logical grouping of firewalls, you would, for single vdom firewalls typically have 1 firewall to an adom.

If you are a single enterprise, you could have one ADOM, or if you want to split up by business unit you can, its up to you.

As for policy management, you would have a global policy for standard configuration items that would apply to all firewalls such as:
 standard acls
 standard global firewall config items
 standard connectors (TACACS, LDAP, radius, etc)
 Standard AV, Web Profiles
 Any enterprise or msp wide firewall policies

This would be the header or footer policies applied uniform to all 150. You would then define your local policy package that applies to only that firewall, e.g. site specific firewall policies, acls, objects, etc. 

In general some operational discipline is needed for a team to effectively use FortiManager. Its a great tool, but the team should make as much changes FMGR side and push to the firewall, vs making firewall local changes, and having to import the config and have policy package conflicts. 

The goal is central management, you can define in one location your general security policies, and push them to your appliances, as well as have a single reference for per-firewall configurations.

For multi-vdom firewalls, VDOM -> ADOM mapping is possible as well.

-Rob
524
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.