FortiManager Interview Questions

If you're looking for FortiManager Interview Questions & Answers for Experienced or Freshers, you are in right place. There are a lot of opportunities from many reputed companies in the world. According to research, FortiManager has a market share of about 3.2%.

So, You still have the opportunity to move ahead in your career in FortiManager Development. Mindmajix offers Advanced FortiManager Interview Questions 2024 that help you in cracking your interview & acquire a dream career as FortiManager Developer.

Top 10 Frequently Asked FortiManager Interview Questions

1. How Fortinet manages its Versatility?
2. What is Automated Device Provisioning?
3. What is locally hosted security content?
4. What are the FortiManager Supported Devices?
5. How does FortiManager’s Work Flow Mode?
6. How can we change the web-based manager language?
7. How to create an ADOM?
8. What is the best way to organize devices using ADOMs?
9. How to manage ADOMs?
10. How is RAID managed in FortiManager?

1. What purpose does FortiMnager solve?

FortiManager is the centralized management console for the Fortinet security framework to manage all your Fortinet devices. FortiManager appliances allow us to centrally manage any number of Fortinet devices, from several to thousands, including FortiGate, FortiWiFi, FortiCarrier, FortiMail, FortiAnalyzer appliances with virtual appliances, as well as FortiClient endpoint security agents.

2. How can we Control our security infrastructure with the help of FortiManager?

The FortiManager family provides the diverse needs of network administrators for efficient management of Fortinet-based security infrastructure. FortiManager minimizes the management costs by a significant margin, eases configuration, and accelerates the deployment cycles, whether deploying new devices, installation of security policies, or distributing updates.

FortiManager offers crucial timesaving features like device auto-discovery, group management, global policies, auditing facilities, and has the capability to manage complex VPN environments. FortiManager, coupled with the FortiAnalyzer family of centralized logging and reporting appliances, provides a complete centralized management solution for any organization.

3. How Fortinet manages its Versatility?

Networks need updating, due to the evolution of threats, organizational growth, or new regulations. Conventional products focus on mitigating organizational threats through firewall policies, firmware updates, and keeping content security current.

FortiManager offers enterprise-class features to contain these threats, but also provides flexibility to evolve along with your ever-changing network. In addition to being able to manage hundreds or even thousands of FortiGate devices, FortiManager now includes basic FortiAnalyzer logging and reporting functions for administrators who prefer a consolidated platform.

4. How does FortiManager functions with FortiAnalyzer?

FortiManager Integrated FortiAnalyzer Logging system allows for tighter integration and correlation of events and policies. A consolidated platform allows network administrators easy deployment of Fortinet management products.

5. What benefits does FortiManager Hierarchical Objects Database offer?

FortiManager facilitates the reuse of common configurations across the organization in both local and global ADOM levels.

6. What is Automated Device Provisioning?

FortiManager’s Automated Device Provisioning reduces the cost of new FortiGate or FortiClient installations and maintains policies across all managed assets.

7. How do Administrative Domains (ADOM) help us?

FortiManager enables a network administrator to create groups of devices for other administrators to monitor and manage the following:-

1. Manage devices in their geographic location or business division
2. Multiple FortiGate virtual domains (VDOMs) can be separated among multiple ADOMs
3. Granular permissions permit assigning of ADOMs and policies to particular users
4. Network Administrators can only access devices or VDOMs assigned to them
5. Generate device configuration templates for quick configuration of a new Fortinet appliance
6. Within each ADOM, there is a familiar database of objects shared by all devices and policy packages which allow users to reuse similar configurations among a group of managed assets
7. Global Policy capabilities are available on all the FortiManager hardware models including virtual machines.

8. What is locally hosted security content?

Hosting security content allows the network administrator for greater control over security content updates and provides an improved response time for rating databases. It supports:

1. Updates of Antivirus definition
2. Updates in the Intrusion Preventions
3. Updations Vulnerability and Compliance Management
4. Web Filtering & Antispam only in some select systems.

9. What is Command and Control in FortiManager?

1. This help in the Management of devices and endpoint agents individually or as logical groups
2. Automatically discovers the new devices.
3. Generates deploys and monitors virtual private networks
4. Delegate control to other users with distributed administration features
5. Audit configuration changes to ensure compliance

10. How does FortiManager Monitor, Analyze, and Report?

1. FortiManager accesses vital security and network statistics.
2. Monitors Real-time, with integrated basic reporting, providing visibility into network and user activity.
3. FortiMnager has more powerful analytics, combined with the FortiAnalyzer appliance for additional data mining and graphical reporting capabilities.

11. What are the FortiManager Supported Devices?

Following are the appliances that are being integrated with FortiManager: -

1. FortiGate and FortiCarrier Consolidated Security Appliances
2. FortiAP - Wireless Access Points
3. FortiMail - Messaging Security Systems
4. FortiWeb - Web Application Security
5. FortiAnalyzer - Reporting and Analysis Appliances
6. FortiSwitch - Switching Platforms
7. FortiSandbox - Advanced Threat Protection Appliances

12. What is Single Pane-of-Glass Management?

Fortinet Security Fabric, known for unified, end-to-end protection, is known as Single Pane of Glass. Deploying Fortinet-based security infrastructure to battle advanced threats, and adding FortiManager to provide single-pane-of-glass management across the whole enterprise & providing insights into network-wide traffic and threats.

FortiManager not only offers enterprise-class features to minimize advanced threats but also delivers the industry’s best scalability to manage up to 100,000 Fortinet devices.

13. How FortiMnager manages the workflow for audit and compliance?

1. FortiMnager reviews approve and update the audit policy changes from a central place.
2. Automates the process, which enhances the policy compliance and policy lifecycle management
3. Enforces workflow to minimize the risk for policy changes

14. What are the APIs for Automation and Orchestration?

1. RESTful API allows MSSPs/large enterprises to generate customized, branded web portals for policy and object administration
2. Automate common tasks such as provisioning new FortiGates and configuring them on existing devices.
3. Join Fortinet Developer Network (FNDN) to access exclusive articles, how to move for automation and customization, community-built tools, scripts, and sample code.

15. How does FortiManager’s Work Flow Mode?

Workflow mode is the global model, which defines the approval or notification workflow when generating and installing policy changes. Workflow mode, when enabled via CLI only, the admin gets a new option in the admin profile page to approve or reject workflow requests.

16. Can we disable the workflow in FortiMnager?

1. Yes! We can disable the feature. Select the System Settings tab in the navigation pane.
2. We should go to System Settings > Dashboard.
3. In the CLI Console widget, type the following CLI command: config system global
   set workspace-mode {workflow | disabled}
   end

The FortiManager session will reboot and the network administrator must log back into the FortiManager system.

17. What function does the FortiManager device manager layer provide?

1. Global ADOM layer - contains two key pieces: the global object database and all header and footer policies. Header and footer policies are used to envelop policies within each individual ADOM. These are typically invisible to users and devices in the ADOM layer.
2. ADOM layer - where the FortiManager manages individual devices or groups of devices. It is inside this layer where policy packages and folders are created, managed, and installed on managed devices. Multiple policy packages can be created here, and they can easily be copied to other ADOMs to facilitate the configuration or provisioning of new devices on the network.
3. Device manager layer - The device manager layer records information on devices that are centrally managed by the FortiManager unit, such as the name and type of device, the specific device model, its IP address, the current firmware installed on the unit, the device’s revision history, and its real-time status.

18. How can we change the web-based manager language?

FortiManager’s web-based manager supports multiple languages; the default language is English. We can change the manager to display in English, Simplified Chinese, Traditional Chinese, Japanese, or Korean. For best results, you should select the language that the computer operating system uses.

We can also set the FortiManager Web-based Manager to automatically detect the system language, and by default show the screens in the proper language, if available.

19. Can we Restrict Web-based Manager access by the trusted host?

Preventing unauthorized access to the Web-based Manager is easy. We can configure administrator accounts with trusted hosts. After trusted hosts configured, the administrator user can only log into the Web-based Manager while working on a computer with the trusted host as defined in the administrator account. You can configure up to ten trusted hosts per administrator account.

20. What are the security considerations, taken into account while restricting access to web-based managers?

While restricting access to the FortiManager Web-based Manager we should check the following:

1. We should configure administrator accounts using a complex passphrase for local accounts
2. We should configure administrator accounts using RADIUS, LDAP, TACACS+, or PKI
3. We should configure the administrator profile to only allow read/write permission as required and restrict access using read-only or no permission to settings, which are not applicable to that administrator
4. We should configure the administrator account to only allow access to particular ADOMs as required
5. We should configure the administrator account to only allow access to particular policy packages as required.

21. What is the best way to organize devices using ADOMs?

We can organize devices into ADOMs to allow you to better manage these devices. You can organize these devices by:

1. Firmware version: Group all devices with the same firmware version into an ADOM.
2. Geographic regions: Group all devices for a specific geographic region into an ADOM, and devices for a different region into another ADOM.
3. Administrative users: Group devices into separate ADOMs based on specific administrators responsible for the group of devices.
4. Customers: Group all devices for one customer into an ADOM, and devices for another customer into another ADOM.

22. How to enable the ADOM feature?

For enabling ADOM feature in FortiManager, we need to:

1. Log in as admin.
2. Go to System Settings > Dashboard.
3. In the system information widget, select Enable next to Administrative Domain

23. How to switch between ADOMs?

As a network administrator, we are able to move between all the ADOMs created on the FortiManager system. This enables us to view, configure, and manage the various domains. Other administrators are only able to move between the ADOMs to which they have permission.

They are able to view and administer the domains based on their account’s permission settings. To access a specific ADOM, we should select that ADOM in the tree menu. The FortiManager system presents the available options for that domain, depending on the tab currently in use.

24. How to manage ADOMs?

When the ADOMs feature is enabled, and we can log in as the admin user, we can find all the available ADOMs listed in the tree menu on the different available tabs. In the Policy & Objects tab, a menu bar is available that allows selecting either Global or a specific ADOM from the drop-down list. Selecting Global or a specific ADOM will then display the policy packages and objects appropriate for your selection.

25. Can we have simultaneous ADOM access?

System administrators can enable or disable simultaneous access to the same ADOM if multiple administrators are responsible for managing a single ADOM. When enabled, multiple administrators can log in to the same ADOM in parallel.

When disabled, only a single administrator has read or writes access to the ADOM, while all other administrators have read-only permission. Concurrent ADOM access can be enabled or disabled using the CLI.

26. How to add ADOM?

To add ADOM, we must log in as admin. Prior to that, we must enable administrative domains in the Web-based Manager.

27. How to create an ADOM?

Either one of the following can create an ADOM.

1. Go to the Device Manager tab & choose Manage ADOMs from the ADOM drop-down list.
2. Select Create New in the Manage ADOMs toolbar. Alternatively
3. Go to System Settings > All ADOMs and either select Create New or right-click in the content pane and choose New from the pop-up menu. The Create ADOM dialog box will open which allows configuring the new ADOM.

28. What can we do in System Settings?

The System Settings tab enables the administrator to manage and configure the basic system options for the FortiManager unit. This includes the basic network settings to connect the device to the main network, the configuration of administrators and their access permissions, managing and updating firmware for the device and access to the FortiGuard Update Service for updates.

29. Can we customize the dashboard?

The FortiManager system dashboard is customized easily. We can select widgets for display, where they are located on the page, and whether they are minimized or maximized.

1. To move a widget, we should position your mouse cursor on the widget’s title bar, then click and drag the widget to its new location.
2. Dashboard System Settings - To add a widget, in the dashboard, select Add Widget, followed by the names of widgets that we want to be displayed. To remove a widget we must simply close the icon.

30. How is RAID managed in FortiManager?

RAID helps us to segregate data storage over multiple disks, providing increased data reliability. FortiManager units that contain multiple hard disks can be RAID configured for capacity, performance, and availability.

We can view the status of the RAID array from the RAID Management page at System Settings > RAID Management. This page displays the status of each disk in RAID array, including the system’s RAID level. This widget also displays how much disk space is used.