Driver Support Document

Fortinet Fortigate appliances, OS version 3.x, 4.x, 5.x & Ruijie Firewall appliances, OS version 5.x

Internal Driver Name: Fortigate
Driver Package: Fortigate.rdp
Driver Tier: 3
Vendor: Fortinet
Family: Fortinet Fortigate
IPv6 Support: Not Supported

Show Tested Devices Grid

SYSOID Mapping
SYSOID	MODEL	OS VERSION
1.3.6.1.4.1.4881.101.1.630	Ruijie 1600-S3600	5.0
1.3.6.1.4.1.12356.600	60	3.0
1.3.6.1.4.1.12356.38100	3810	3.0 MR6
1.3.6.1.4.1.12356.101.1.306	30E	5.4.0
1.3.6.1.4.1.12356.101.1.502	50B	4.0
1.3.6.1.4.1.12356.101.1.601	60M	3.0
1.3.6.1.4.1.12356.101.1.603	60B	4.0.3
1.3.6.1.4.1.12356.101.1.615	60C	5.0
1.3.6.1.4.1.12356.101.1.624	60D	5.0
1.3.6.1.4.1.12356.101.1.625	60D	5.0
1.3.6.1.4.1.12356.101.1.630	90D	5.2.2
1.3.6.1.4.1.12356.101.1.700	70D	5.0
1.3.6.1.4.1.12356.101.1.800	80C	5.2.3
1.3.6.1.4.1.12356.101.1.801	80CM	4.0
1.3.6.1.4.1.12356.101.1.900	900D	5.2.7
1.3.6.1.4.1.12356.101.1.1001	Manager VM64	5.2.2
1.3.6.1.4.1.12356.101.1.1002	110C	4.0
1.3.6.1.4.1.12356.101.1.1004	100D	5.2.2
1.3.6.1.4.1.12356.103.1.1054	Manager VM64	5.2.2
1.3.6.1.4.1.12356.101.1.2001	200A	4.0
1.3.6.1.4.1.12356.101.1.2003	200B	4.0
1.3.6.1.4.1.12356.101.1.2004	200D	5.0.9
1.3.6.1.4.1.12356.101.1.2005	200D	5.2.2
1.3.6.1.4.1.12356.101.1.2006	240D	5.2.4
1.3.6.1.4.1.12356.101.1.3001	300A	4.0
1.3.6.1.4.1.12356.101.1.3002	310B	4.0
1.3.6.1.4.1.12356.101.1.3004	311B	4.0
1.3.6.1.4.1.12356.101.1.3005	300C	5.2.2
1.3.6.1.4.1.12356.101.1.3006	300D	5.2.3
1.3.6.1.4.1.12356.101.1.4004	400D	5.2.10
1.3.6.1.4.1.12356.102.1.4002	400B	4.0
1.3.6.1.4.1.12356.101.1.5004	500D	5.2.3
1.3.6.1.4.1.12356.101.1.6003	600C	4.0
1.3.6.1.4.1.12356.101.1.6004	600D	5.2.7
1.3.6.1.4.1.12356.102.1.6200	620B	4.0
1.3.6.1.4.1.12356.101.1.6210	621B	4.0
1.3.6.1.4.1.12356.101.1.8000	800	4.0
1.3.6.1.4.1.12356.101.1.8003	800C	5.2.2
1.3.6.1.4.1.12356.101.1.8004	800D	5.4.4
1.3.6.1.4.1.12356.101.1.10004	1000C	5.0
1.3.6.1.4.1.12356.103.1.10004	1000D	5.x
1.3.6.1.4.1.12356.101.1.10005	1000D	5.2.8
1.3.6.1.4.1.12356.101.1.12400	1240B	4.0
1.3.6.1.4.1.12356.101.1.15000	1500D	5.0
1.3.6.1.4.1.12356.101.1.20000	2000E	5.4.5
1.3.6.1.4.1.12356.103.1.30003	Manager 3000C	4.0
1.3.6.1.4.1.12356.101.3.30003	Manager 3000C	4.0
1.3.6.1.4.1.12356.101.1.30400	3040B	4.0
1.3.6.1.4.1.12356.101.1.32401	3240C	5.0
1.3.6.1.4.1.12356.103.3.35005	3500E	5.0.0
1.3.6.1.4.1.12356.101.1.36004	3600C	5.2.3
1.3.6.1.4.1.12356.101.1.37000	3700D	5.0.7
1.3.6.1.4.1.12356.101.1.39500	3950B	4.0
1.3.6.1.4.1.12356.101.2.40002	Analyzer 4000B	4.0
1.3.6.1.4.1.12356.102.1.8002	Analyzer 800B	4.0
1.3.6.1.4.1.12356.102.1.40002	Analyzer 4000B	5.0.6
1.3.6.1.4.1.12356.103.3.40002	Analyser 4000B	5.0.2
1.3.6.1.4.1.12356.103.1.40005	Manager-4000E	5.2.7
1.3.6.1.4.1.12356.101.1.50011	5001A	4.0

Driver Features Support Grid

Driver Discovery release notes

General Access release notes
(CLI protocols: telnet, ssh1, ssh2, console)
Supports SecurID

Retrieve Running Configuration release notes

Retrieve Startup Configuration

Retrieve Binary Configuration

Device information parsing

Enhanced Layer2 Basic IP information parsing

Configuration Deployment to Running

Configuration Deployment to Startup

Binary Configuration Deployment

Routing Table

OSPF Neighbors

Interfaces

Modules and Inventory

Flash Storage Space

File System

Uptime

ICMP Test

Topology Parsing

Duplex Parsing

Enhanced VLAN Parsing

Software Center

Software Image Synchronization

Password Management
(Can modify: full password, read-only community strings)

Syslog Configuration and Change Detection release notes

Custom Scripts and Diagnostics
Bulk deploy available

ACL Parsing

ACL Provisioning

VLAN Provisioning

Configlet Parsing

QoS Parsing

VRF Parsing

Context Management

General Access

Release Notes

Limited Support for FortiManager

FortiManager devices do not support the same kind of configuration as other Fortigate devices. As a result, tasks using configuration mode [Configuration deployment, Password deployment, etc.] are generally not supported on FortiManager platforms.

Feature support in VDOM mode

Some Fortigate devices under VDOM mode to not allow the use of commands that NA uses to run various diagnostics. Some features may not work in VDOM mode as a result.

Disabling context management

Fortigate devics support virtual domains (VDOMs) that can be managed as independent device contexts. The context management feature adds independent device entries for contexts on the device automatically by using the inventory diagnostic. This feature can be disabled by adding the access variable "disable_context" and setting it to true. Disabling the feature will disable any previously created virtual device entries and will result in the inability to directly manage contexts with NA. Changes will take effect the next time the NA Module Status diagnostic task is run.

return to top

Syslog Configuration and Change Detection

Release Notes

Syslog change detection unsupported

The Fortigate does not send syslog messages for admin login/logoff or configuration changes.

return to top

Retrieve Running Configuration

Release Notes

Differences in encryption keys

The device may store hashes of various private keys in the configuration, which change each time the configuration is retrieved. These differences are ignored during post-snapshot comparison, but can not be ignored in the line-by-line comparison of existing configurations. If other differences are in the configuration, these keys will also be shown as different, even though they do not represent a configuration change.

Differences between various protocols

The device reports its configuration slightly differently, when gathered by the available SCP, TFTP, and CLI methods. To obtain consistent results, ensure that the same protocol is used by selecting only those protocols in the Edit Device page.

Skip collection of global configuration

Fortigate devices contain two configuration data blocks, one collected from 'initial' mode at login and one collected in 'global' mode. By default, both are collected though only the initial mode can be deployed back to the device. To skip the collction of the 'global' configuration, set the device access variable 'skip_global' to true.

Do not collect full configuration

Fortigate devices collect the 'full' configuration (including default settings) by default. To disable the 'full' collection, set the device access variable "no_full" to "true". This setting only applies to the CLI- collected configuration.

return to top

Driver Discovery

Release Notes

More prompt causes an unexpected disconnection

Discovery tasks for Javascript drivers handle More prompts by using timeouts, which can cause problems with the third-party SSH client code, which interprets the timeout as a disconnection. There are two options to work around the problem. Setting the RCX option [<option name="Driver/Discovery/UsePollRead">true</option>] in site_options.rcx will effect the workaround for all affected devices. Alternatively, it could be applied to a single device by setting the device access variable "PollRead" to "true".

Wakeup Ctrl-U character can cause discovery to fail

Discovery tasks for Javascript drivers use wakeup characters are sent during device connection, to ensure that the device is responding. Normally, these characters do not echo to the console, but some devices may echo them. In this case, this causes the prompt detection phase to fail, which in turn can cause More prompts to not be handled properly, and discovery may fail. If these characters are echoed from the device [check the session log to see this], then set the device access variable "skip_ctrl_u" to skip the sending of the wakeup characters. Note that setting this option on a previously working device could cause discovery tasks to fail, but it only affects CLI discovery. SNMP discovery is unaffected.

return to top