Security Fabric and Split-Task VDOM mode
FortiGate-6000 supports the Fortinet Security Fabric and all Security Fabric related features including Security Rating. To fully support the Security Fabric, you must switch the FortiGate-6000 to operate in Split-Task VDOM mode.
In both Multi VDOM mode and Split-Task VDOM mode, the Security Fabric widget and the Security Fabric topologies no longer show individual FortiGate-6000 FPCs. You can now use the Configuration Sync Monitor to see the status of individual FortiGate-6000 components. See Configuration sync monitor.
In both VDOM modes, the Security Fabric must be enabled for normal SLBC operation. See Multi VDOM mode and the Security Fabric for details.
Begin setting up the Security Fabric for your FortiGate-6000 by going to Security Fabric > Settings > FortiGate Telemetry > FortiAnalyzer Logging and adding a FortiAnalyzer. Once the FortiAnalyzer is added, you can continue configuring the Security Fabric in the same way as any FortiGate device. The FortiGate-6000 can serve as the Security Fabric root or join an existing fabric. For more information see Fortinet Security Fabric.
When setting up a Security Fabric that includes FortiGate-6000s:
- The root FortiGate must have a Fabric name (also called a group name). You can use the default Fabric name (SLBC) or change it to a custom name.
- A non-root FortiGate can have a different or blank Fabric name as long as the non-root FortiGate is authorized by the root FortiGate.
- If the Security Fabric is set up in legacy mode, then all of the FortiGates in the Security Fabric should have a matching Fabric name and Group password.
- When you add a FortiGate-6000 to an existing fabric, the Security Fabric topologies show the FPCs as individual components in the topology. On the root FortiGate you only need to authorize the FortiGate-6000 management board. All of the FPCs are then automatically authorized.
- You can click on any FPC and select Login to log into that component using the special management port number.
- When adding a FortiGate-6000 to an existing security fabric, you must manually add a FortiAnalyzer to the FortiGate-6000. This is required because the default FortiGate-6000 security fabric configuration has configuration-sync set to local, so the FortiGate-6000 doesn't get security fabric configuration settings, such as the FortiAnalyzer configuration, from the root FortiGate.
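The following check is an added example, not part of the Fortinet documentation: it reads a saved FortiOS configuration and flags a FortiGate-6000 whose Security Fabric is disabled, or whose configuration-sync is local while no FortiAnalyzer is configured on the device itself. It assumes the input is `show full-configuration` output (so default values appear) that uses the `config system csf` and `config log fortianalyzer setting` blocks; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample of "show full-configuration" output (not from a real device).
SAMPLE_CONFIG = """\
config system csf
    set status enable
    set group-name "SLBC"
    set configuration-sync local
end
config log fortianalyzer setting
    set status disable
end
"""

def parse_settings(text):
    """Map each config block name to the settings set directly inside it."""
    blocks, stack = {}, []
    for raw in text.splitlines():
        words = raw.split(None, 2)
        if not words:
            continue
        key = words[0]
        if key in ("config", "edit"):
            stack.append((key, " ".join(words[1:])))
        elif key == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif key == "end":
            # Close any open edit entries, then the enclosing config block.
            while stack and stack.pop()[0] != "config":
                pass
        elif key == "set" and len(words) == 3 and stack and stack[-1][0] == "config":
            blocks.setdefault(stack[-1][1], {})[words[1]] = words[2].strip().strip('"')
    return blocks

def audit_fabric_logging(text):
    """Return a list of findings; an empty list means both checks passed."""
    blocks = parse_settings(text)
    csf = blocks.get("system csf", {})
    faz = blocks.get("log fortianalyzer setting", {})
    findings = []
    if csf.get("status") != "enable":
        findings.append("Security Fabric (system csf) is not enabled")
    if csf.get("configuration-sync") == "local":
        # Nothing is inherited from the root, so FortiAnalyzer must be set locally.
        if faz.get("status") != "enable" or not faz.get("server"):
            findings.append("configuration-sync is local but no local FortiAnalyzer is set")
    return findings

if __name__ == "__main__":
    for finding in audit_fabric_logging(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Because the parser tracks nested config and edit blocks, the same check works when the settings sit inside a `config global` section of a VDOM-mode export.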
FortiGate-6301F added to a Security Fabric with a FortiGate-1500D acting as the Fabric root