Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marconet-22
New Contributor III

Fortigate Cloud - manage device

Hi

I have big doubt.

I don't know when I activate Fortigate Cloud on my Fortigate Firewall can I manage device via cli or via local LAN?

Or, is it locked and I must manage it only by Cloud enviroment?

Thank you

2 Solutions
elsantas
New Contributor III

Hello marc,

 

This can be better explained by a staff, but from my experience with Fortigates, you would still able to manage your device from local LAN (cli & gui).

The benefit of Fortigate Cloud is that you can check health, logs & subscriptions for your Fortinet products overall.

Hope this answer clarifies some concerns of yours.

 

Regards

==============================

Not all those who wander are lost

==============================

View solution in original post

==============================Not all those who wander are lost==============================
sw2090
SuperUser
SuperUser

We have enabled FortiCloud on all our FGT. I can still manage every FGT via Webinterface,Cli or FortiManager from local lan or vpn here.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

View solution in original post

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
7 REPLIES 7
elsantas
New Contributor III

Hello marc,

 

This can be better explained by a staff, but from my experience with Fortigates, you would still able to manage your device from local LAN (cli & gui).

The benefit of Fortigate Cloud is that you can check health, logs & subscriptions for your Fortinet products overall.

Hope this answer clarifies some concerns of yours.

 

Regards

==============================

Not all those who wander are lost

==============================
==============================Not all those who wander are lost==============================
sw2090
SuperUser
SuperUser

We have enabled FortiCloud on all our FGT. I can still manage every FGT via Webinterface,Cli or FortiManager from local lan or vpn here.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
marconet-22
New Contributor III

Hi guys and thank you.

Which is the Fortinet Cloud Application that lock local configurations? FortiManager?

Debbie_FTNT

FortiManager (Cloud or on-premise) does lock local configuration in a way - when you log in via GUI, you are presented with a warning, and need to decide to access in view-only mode or in read-write mode, and if you access in read-write mote you need to confirm a warning that this may cause FortiGate to go out of sync with FortiManager.

After accepting this, you can still make changes on FortiGate directly. Those changes could revert if you install configurations from FortiManager without ensuring the FortiGate syncs any changes you made locally, but if you're not using FortiManager, this is not really relevant.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
marconet-22

The question is born because many other brands block any change of config when cloud licenses expired. And your answer is important when you want to manage Fortigate over expiration time.

Debbie_FTNT
Staff
Staff

Hey marconet,

as elsantas mentioned, you can still access your FortiGate locally (via GUI or CLI) and make whatever changes you want. You can enable management via FortiCloud if you want (this is optional, not mandatory), and this is NOT automatically enabled when you register the FortiGate in FortiCloud. The only things that are enabled by default is logging to FortiCloud, and FortiGate provides some generaly system information to FortiCloud.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
sw2090
SuperUser
SuperUser

I would say FMG does not lock the config you could still change the config on your fgt but you might lose it when you depoly the config/policy package with FMG next time. However parts can be pulled into fmg when you change it on the fgt. This is the thing FortiNet calls device config. That's e.g. IPSec VPN or the interface and sd-wan config.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors