All Fortinet devices included in a Security Fabric can be placed into a Security Fabric ADOM, allowing for fast data processing and log correlation. Fabric ADOMs enable combined results to be presented in the Device Manager, Log View, FortiView, Incidents & Events/FortiSoC and Reports panes.
In a Fabric ADOM:
- Device Manager: View and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.
- Log View: View logs from all Security Fabric devices.
- FortiView: FortiDDoS and FortiClient EMS widgets are available.
- Incidents & Events: Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs are available, and triggered events are displayed for all device types.
- Reports: View predefined reports, templates, datasets, and charts for all device types. Charts from all device types can be inserted into a single report.
Creating a Security Fabric ADOM
To create a Fabric ADOM:
- In FortiAnalyzer, go to System Settings > All ADOMs.
- Select Create New.
- Configure the settings for the new Fabric ADOM and select Fabric as the type.
See Creating ADOMs for more information on the individual settings.
- Select OK to create the ADOM.
The Fabric ADOM is listed under the Security Fabric section of All ADOMs.
Migrating to a Fabric ADOM
You can change an existing non-Fabric ADOM to a Fabric ADOM using the FortiAnalyzer CLI.
- In the FortiAnalyzer CLI, enter the following commands:
execute migrate fabric <fabric name>
A note is displayed informing you of the number of ADOMs that will be affected, and once begun, a summary is displayed and the system will reboot.