FortiGate-7000F Handbook

Multi VDOM mode and the Security Fabric

When operating in Multi VDOM mode, the FortiGate-7000F uses the Security Fabric for communication and synchronization among the FIMs and FPMs. By default, the Security Fabric is enabled. You can verify this from the GUI by going to Security Fabric > Settings and verifying that FortiGate Telemetry is enabled.

In addition to FortiGate telemetry being enabled, the default Security Fabric role is set to Serve as Fabric Root and the Fabric name is SLBC. When operating in Multi VDOM mode, the role and fabric name must not be changed.

You can also verify the default Security Fabric configuration from the CLI:

    config system csf
        set status enable
        set upstream-ip 0.0.0.0
        set upstream-port 8013
        set group-name SLBC
        set group-password <password>
        set configuration-sync local
        set log-unification disable
        set management-ip <ip-address>
        set management-port 44301
    end

The management-ip is set to the IP address of the mgmt1 interface of the FIM in slot 1.

While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the CLI or the FortiGate Telemetry configuration from the GUI. You cannot add the FortiGate-7000F to a Security Fabric. Multi VDOM mode also does not support the Security Rating feature.

Note

The Security Rating feature is available in Split-Task VDOM mode.
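
An added example, not part of the Fortinet handbook: a Python drift check that compares a saved `config system csf` listing against the defaults shown above, which this page says must stay unchanged in Multi VDOM mode. `parse_csf`, `csf_drift` and the sample text are hypothetical names and constructed input; the check assumes the listing includes every option, and it skips the site-specific `management-ip` and `group-password`.

```python
import re

# Expected values: the Multi VDOM mode defaults listed on this page.
EXPECTED = {
    "status": "enable", "group-name": "SLBC",
    "upstream-ip": "0.0.0.0", "upstream-port": "8013",
    "configuration-sync": "local", "log-unification": "disable",
    "management-port": "44301",
}

def parse_csf(text):
    """Return top-level 'set' options of the 'config system csf' block."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system csf":
                depth = 1
        elif line.startswith("config "):
            depth += 1              # nested table: its 'set' lines are skipped
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def csf_drift(text):
    """Map each drifted option to (expected, found); found is None if absent."""
    found = parse_csf(text)
    return {k: (v, found.get(k)) for k, v in EXPECTED.items() if found.get(k) != v}

# Constructed sample: a saved listing in which the fabric name was changed.
SAMPLE = """\
config system csf
    set status enable
    set upstream-ip 0.0.0.0
    set upstream-port 8013
    set group-name "LAB"
    set configuration-sync local
    set log-unification disable
    set management-port 44301
end
"""

if __name__ == "__main__":
    print(csf_drift(SAMPLE))
```

An empty result means the listing matches the defaults; any entry names the option that changed and the value found.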

You can go to Security Fabric > Settings > FortiGate Telemetry to enable and configure FortiAnalyzer logging.

Multi VDOM mode also supports all other configurations on the Security Fabric > Settings menu, including Central Management, Sandbox Inspection, Fabric Devices, and FortiClient Endpoint Management System (EMS). You can also view the Physical Topology and Local Topology and configure Automation and Fabric Connectors.
