Fortinet Configuration

Follow the tips on this page to ensure your Fortinet SD-WAN network integrates smoothly with Highlight.

Timeout tuning

For networks up to a few hundred devices, Highlight suggests the following:

config system dm
   set fgfm-sock-timeout 90
   set fgfm_keepalive_itvl 30
end 

These suggested settings apply shorter periods for keepalive and timeout checks, making FortiManager more responsive to outages, but potentially increasing the load and therefore reducing the scalability of FortiManager.

These timers belong to the FGFM protocol, which FortiManager uses to manage FortiGates. If the FGFM connection (port 541) between the FortiGate and the FortiManager is broken, the FortiGate's connectivity is reported as down. FGFM timers can be configured as shown above.

Session based authentication

The definition of a FortiManager user has to be slightly modified with the rpc-permit attribute in order to be used as a FortiManager JSON RPC API user.

Highlight does not currently support token-based or cloud authentication (contact us if you are interested in this).
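One way to confirm that the account works for session-based API access before handing it to Highlight, as an added example that is not Highlight's or Fortinet's own code: it logs in, makes a single read call, and always logs out so no session is left open. The request shapes (`exec` on `/sys/login/user`, `get` on `/sys/status`, `exec` on `/sys/logout`, the `session` field) are assumed from the FortiManager JSON RPC API and do not appear on this page; the account name, password, stand-in server and its replies are constructed.

```python
"""Session-login check for a FortiManager JSON RPC API user (added example)."""

def rpc(method, url, session=None, data=None, req_id=1):
    """Build one JSON RPC request body for POSTing to https://<fmg>/jsonrpc."""
    param = {"url": url}
    if data is not None:
        param["data"] = data
    body = {"id": req_id, "method": method, "params": [param]}
    if session is not None:
        body["session"] = session
    return body

def status_of(reply):
    """Return (code, message) from the first result entry of a reply."""
    status = reply["result"][0]["status"]
    return status["code"], status.get("message", "")

def check_api_user(send, user, passwd):
    """Log in, make one read call, always log out. Returns (ok, detail)."""
    reply = send(rpc("exec", "/sys/login/user", data={"user": user, "passwd": passwd}))
    code, msg = status_of(reply)
    session = reply.get("session")
    if code != 0 or not session:
        return False, f"login refused: {code} {msg}"
    try:
        code, msg = status_of(send(rpc("get", "/sys/status", session, req_id=2)))
        if code != 0:
            return False, f"read call refused: {code} {msg}"
        return True, "session login and read call succeeded"
    finally:
        # Release the session even when the read call fails or raises.
        send(rpc("exec", "/sys/logout", session, req_id=3))

def fake_fortimanager(refuse_url=None):
    """Constructed offline stand-in; refuses refuse_url with a sample error."""
    seen = []
    def send(body):
        url = body["params"][0]["url"]
        seen.append(url)
        refused = url == refuse_url
        status = ({"code": -11, "message": "No permission for the resource"}
                  if refused else {"code": 0, "message": "OK"})
        reply = {"id": body["id"], "result": [{"status": status, "url": url}]}
        if url == "/sys/login/user" and not refused:
            reply["session"] = "constructed-session-token"
        return reply
    return send, seen

if __name__ == "__main__":
    send, seen = fake_fortimanager(refuse_url="/sys/status")
    print(check_api_user(send, "highlight-api", "constructed-password"), seen)
```

Against a real FortiManager, replace `send` with a function that POSTs the body over HTTPS with certificate verification enabled and returns the parsed JSON reply.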

Setting the role for the interface

Show setting Role to WAN for an Interface on FortiManager
