Fortinet FortiManager Review

Good centralized management that's stable and easy to scale


What is our primary use case?

FortiManager
Automation-Driven Centralized Management
Manage all your Fortinet devices in a singleconsole
central management system.
FortiManager provides full visibility of your
network, offering streamlined provisioning and
innovative automation tools.
Integrated with Fortinet’s Security Fabric, the
security architecture and FortiManager’s
Automation Driven Network Operations
capabilities provide a foundation to secure and
optimize network security, such as
provisioning and monitoring SD-WAN.

FortiManager VM-S
The new FortiManager Subscription license model consolidates the VM product SKU and the FortiCare Support SKU into one single SKU,
to simplify the product purchase, upgrade and renewal.
The FortiManager S-Series SKUs come in stackable subscriptions to manager 10, 100 and 1000 devices/vdoms, so that multiple units of
this SKU can be purchased at a time to increase the number of devices/vdoms as needed. This SKU can also be purchased together with
other FMG VM-S SKUs to expand the total number of devices/vdoms.

FortiManager VM
Fortinet offers the FortiManager VM in a stackable license model. This software-based version of the FortiManager hardware appliance
allows you to expand your virtual solution as your environment expands and is designed to run on many virtualization platforms. The
FortiManager virtual appliance family minimizes the effort required to monitor and maintain your network and offers all the features of the
FortiManager hardware appliance.

How has it helped my organization?

Key Features

Single console management

§ Manage all Fortinet products, including firewalls,

FortiAnalyzers, switches, wireless infrastructure and Endpoints

Security automation

§ Reduces complexity and costs by leveraging automated REST

API, scripts, connectors, and automation stitches

Centralized policy and device management

§ Centrally manage up to 100,000+ devices and policies such as

firewalls, switches, and access points

Zero-touch provisioning

§ Automate workflows and configurations for Fortinet firewalls,

switches and wireless infrastructure

Secure SD-WAN provisioning and monitoring

§ Provision and monitor Secure SD-WAN from one console

across your network, branch offices or campuses

Multi-tenancy and administrative domains (ADOMs)

§ Separate customer data and manage domains leveraging

ADOMs to be compliant and operationally effective

Enterprise-grade high availability and integration

§ Automated backups to up to 5 nodes (1 Primary, and 4

secondary) with streamlined software and security updates for

all managed devices

What is most valuable?

Feature Highlights

Single Pane Automation and Orchestration

FortiManager provides insight into network traffic and threats through a single-pane-of-glass and offers enterprise-class features and

sophisticated security management for unified, end-to-end protection to contain advanced threats. FortiManager also delivers the industry’s

best scalability to manage up to 100,000 Fortinet devices. FortiManager, coupled with the FortiAnalyzer family of centralized logging and

reporting appliances, provides a comprehensive and powerful centralized management solution for your organization.

Central Management of Network Infrastructure
Centrally manage FortiGate, FortiSwitch, FortiExtender & FortiAP.
The VPN manager simplifies the deployment and enables centrallyprovisioned
VPN community and connection monitoring. FortiAP
Manager allows configuring, deploying and monitoring FortiAPs
from a single console.

Configuration and Settings Management
Collectively configure the device settings - using the provisioning
templates and advance CLI templates improves management of a
large number of devices. Automatic device configuration backup
with revision control and change audit make it easier for daily
administrative tasks. Use Management extensions to add SD-WAN
Orchestrator, Wireless Manager and other modules.

API for Automation and Orchestration
RESTful API allows MSSPs/large enterprises to create customized,
branded web portals for policy and object administration. Automate
common tasks such as provisioning FortiGates and configuring
existing devices. Join Fortinet Developer Network (FNDN) to
access exclusive articles, how-to content for automation and
customization, community-built tools, scripts and sample code.

Management Extensions
FortiManager’s management extensions allow rapid expansion of
Single Pane to manage more Security Fabric products. The built-in
engine runs containerized extensions to support trusted containers,
which are pulled from the FortiGuard. FortiManager is notified when
new containers are made available and users can easily choose to
opt in our out of each of the management extensions. It includes
modules like SD-WAN Orchestrator, Wireless Manager and more.

Security Policy Management
Per Policy Lock has been added to 6.4, which allows admins to
control the policy change by implicitly lock a policy rule when he/
she does the change to the policy. Group commonly used security
policies in a policy block and insert as needed in different Policy
Packages. Global policy feature that allows companies such as:
Telecom, MSSP and SAAS providers to apply a header/footer
policy at the ADOM level to all policy packages or select packages.

SD-WAN Orchestration & Analytics
Powerful SD-WAN management capabilities using intuitive
workflow and simplified provisioning at scale. Enhanced SD-WAN
analytics to monitor application performance and bandwidth
utilization per WAN link. Leverage application centric SD-WAN
business policies to fine-tune traffic steering decisions based on
performance SLA targets for each WAN provider. Provide flexible
deployment options for SD-WAN orchestrator, an add-on to

Multi-Tenancy & Role Based Administration
FortiManager equips admins with granular device and role based
administration for deploying zero-trust, multi-tenancy architecture
to large enterprises, with a hierarchical objects database to
facilitate re-use of common configurations and serve multiple
customers. ADOMs are used to manage independent security
environments, each with its own security policies and configuration
database, and the intuitive GUI makes it easy to view, create, clone
and manage ADOMs. The zero-touch deployment uses templates
to provision devices for quick mass deployment, and also supports
firmware version enforcement. Define global objects such as
Firewall Objects, Policies and Security Profiles to share across
multiple ADOMs. Granular permissions allow assigning ADOMs,
devices and policies to users based on role and responsibilities.
FortiManager’s new IPS admin is a restricted user role for
performing only IPS related object configuration and install.


What needs improvement?

The solution is very good; I'm not sure if I can think of any features that are lacking.

The GUI could be updated. It's not as good as it could be and is something the solution should improve in an upcoming release.

It would be nice if there could be more reporting included in the solution so that we could get more details about an individual user's profile.

For how long have I used the solution?

I've been working with the solution for about six years now.

What do I think about the stability of the solution?

In terms of stability, the solution is very good. We haven't faced any bugs or glitches. It's quite reliable.

What do I think about the scalability of the solution?

The licensing is very easy, which makes it quite scalable. A company shouldn't have any trouble expanding the solution. If they have, for example, 50 devices and suddenly need 100, they just need to scale up.

Whether the solution is used regularly depends on the organization. 

How are customer service and technical support?

We've been in touch with technical support on the past. In India, they're quite good. We've found them to be very helpful and have been satisfied with their level of support.

How was the initial setup?

The solution is easy to set up. Users shouldn't have any problems doing so.

What other advice do I have?

FortiManager is for the syncing of devices. Therefore, when companies are using multiple devices from Fortinet, such as FortiGate, FortiSwitches, FortiAP, etc., then it's required to have FortiManager. That way, companies can manage central lines in all of the devices via a single person. It's a very useful application.

I'd rate the solution ten out of ten. It's got all of the features we need to manage our FortiGate products and doesn't seem to be lacking anything. It does exactly what we need it to do and we find it quite easy to use.

We're a Fortinet distributor. My clients are the ones that actually use the product. Most of our clients are SMEs or large businesses. This solution, however, is more suited to large and medium-sized businesses.

Which deployment model are you using for this solution?

Public Cloud
**Disclosure: My company has a business relationship with this vendor other than being a customer: Fortinet MSSP Partner
More Fortinet FortiManager reviews from users
...who compared it with Cisco DNA Center
Add a Comment
Guest