Fortinet black logo

FortiGate-6000 Handbook

Home FortiGate-6000 6.4.2 FortiGate-6000 Handbook

Multi VDOM mode and the Security Fabric

6.4.2
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10
Copy Link
Copy Doc ID bd3ddb90-2b7a-11eb-96b9-00505692583a:207735
Download PDF

Multi VDOM mode and the Security Fabric

When operating in Multi VDOM mode, the FortiGate-6000 uses the Security Fabric for communication and synchronization between the management board and FPCs. By default the Security Fabric is enabled but you should not change the security fabric configuration.

You can also verify the default Security Fabric configuration from the CLI:

config system csf

set status enable

set upstream-ip 0.0.0.0

set upstream-port 8013

set group-name "SLBC"

set group-password <password>

set accept-auth-by-cert enable

set management-ip <ip-address>

set management-port 44300

set authorization-request-type serial

set configuration-sync local

set fabric-object-unification default

end

Where <ip-address> is set to the IP address of the FortiGate-6000 mgmt1 interface.

While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the CLI. And you cannot add the FortiGate-6000 to a Security Fabric. Multi VDOM mode also does not support the Security Rating feature.

Note

The Security Rating feature is available in Split-Task VDOM mode.

You can go to Security Fabric > Fabric Connectors > Security Fabric Setup to enable and configure FortiAnalyzer logging.

Multi VDOM mode also supports other configurations on the Security Fabric menu, including viewing the Physical Topology and Local Topology and configuring Automation, Fabric Connectors, and External Connectors.

Previous
Next

Multi VDOM mode and the Security Fabric

When operating in Multi VDOM mode, the FortiGate-6000 uses the Security Fabric for communication and synchronization between the management board and FPCs. By default the Security Fabric is enabled but you should not change the security fabric configuration.

You can also verify the default Security Fabric configuration from the CLI:

config system csf

set status enable

set upstream-ip 0.0.0.0

set upstream-port 8013

set group-name "SLBC"

set group-password <password>

set accept-auth-by-cert enable

set management-ip <ip-address>

set management-port 44300

set authorization-request-type serial

set configuration-sync local

set fabric-object-unification default

end

Where <ip-address> is set to the IP address of the FortiGate-6000 mgmt1 interface.

While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the CLI. And you cannot add the FortiGate-6000 to a Security Fabric. Multi VDOM mode also does not support the Security Rating feature.

Note

The Security Rating feature is available in Split-Task VDOM mode.

You can go to Security Fabric > Fabric Connectors > Security Fabric Setup to enable and configure FortiAnalyzer logging.

Multi VDOM mode also supports other configurations on the Security Fabric menu, including viewing the Physical Topology and Local Topology and configuring Automation, Fabric Connectors, and External Connectors.

Previous
Next