# Fortinet Configuration

{% hint style="warning" %}
This page is work in progress
{% endhint %}

### Timeout tuning

For networks up to a few hundred devices, Highlight suggests the following:

```
config system dm
   set fgfm-sock-timeout 90
   set fgfm_keepalive_itvl 30
end 
```

These suggested settings apply shorter periods for keepalive and timeout checks, making FortiManager more responsive to outages, but potentially increasing the load and therefore reducing the scalability of FortiManager.

Timers are related to the FGFM protocol which the FortiManager uses to manage FortiGates. If the FGFM connection (port 541) is broken between the FortiGate and the FortiManager then the FortiGate's connectivity is reported as down. FGFM timers can be configured as shown above.

{% embed url="<https://how-to-fortimanager-api.readthedocs.io/en/latest/001_fmg_json_api_introduction.html>" %}

### Session based authentication

The definition of a FortiManager user has to be slightly modified with the rpc-permit attribute in in order to be used as an FortiManager JSON RPC API user:

```
config system admin user edit <user> set rpc-permit read-write next end
```

Highlight does not currently support Token based or Cloud authentication ([Contact us](/getting-started/contact-us.md) if you are interested in this).

### Setting the role for the interface

{% hint style="danger" %}
Note: the Role for the Interface **must** be set to WAN in FortiManager for Highlight to discover the interface
{% endhint %}

<div data-with-frame="true"><figure><img src="/files/XEoWOKZ2deHgRBTSnKSd" alt="Show setting Role to WAN for an Interface on FortiManager"><figcaption></figcaption></figure></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.highlight.net/device-setup/fortinet-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.