FortiGate-7000 Release Notes

Security Fabric and Split-Task VDOM support

FortiGate-6000 and 7000 for FortiOS 6.2.3 support the Fortinet Security Fabric and all Security Fabric related features, including Security Rating. To fully support the Security Fabric, you must switch the FortiGate-6000 or 7000 to operate in Split-Task VDOM mode.

In both Multi VDOM mode and Split-Task VDOM mode, the Security Fabric widget and the Security Fabric topologies no longer show individual FortiGate-6000 FPCs or FortiGate-7000 FIMs and FPMs. You can now use the Configuration Sync Monitor to see the status of individual FortiGate-6000 or 7000 components. See Configuration sync monitor.

Note

In both VDOM modes the Security Fabric must be enabled for normal SLBC operation. See The Fortinet Security Fabric must be enabled for details.

Begin setting up the Security Fabric for your FortiGate-6000 or 7000 by going to Security Fabric > Settings > FortiGate Telemetry > FortiAnalyzer Logging and adding a FortiAnalyzer. Once the FortiAnalyzer is added, you can continue configuring the Security Fabric in the same way as any FortiGate device. The FortiGate-6000 or 7000 can serve as the Security Fabric root or join an existing fabric. For more information see Fortinet Security Fabric.

When setting up a Security Fabric that includes FortiGate-6000s or 7000s:

  • The root FortiGate must have a Fabric name (also called a group name). You can use the default Fabric name (SLBC) or change it to a custom name.
  • A non-root FortiGate can have a different or blank Fabric name as long as the non-root FortiGate is authorized by the root FortiGate.
  • If the Security Fabric is set up in legacy mode, then all of the FortiGates in the Security Fabric should have a matching Fabric name and Group password.
  • When you add a FortiGate-6000 or 7000 to an existing fabric, the Security Fabric topologies show the FPCs, FIMs, and FPMs as individual components in the topology. On the root FortiGate you only need to authorize the FortiGate-6000 management board or FortiGate-7000 primary FIM. All of the FortiGate-6000 FPCs or FortiGate-7000 FIMs and FPMs are then automatically authorized.
  • You can click on any FPC, FIM, or FPM and select Login to log into that component using the special management port number.
  • When adding a FortiGate-6000 or 7000 to an existing Security Fabric, you must manually add a FortiAnalyzer to the FortiGate-6000 or 7000 configuration. This is required because the default FortiGate-6000 or 7000 Security Fabric configuration has configuration-sync set to local, so the FortiGate-6000 or 7000 doesn't receive Security Fabric configuration settings, such as the FortiAnalyzer configuration, from the root FortiGate.

Figure: FortiGate-6301F added to a Security Fabric with a FortiGate-1500D acting as the Fabric root
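
The following check is an added example, not Fortinet code: it audits a configuration backup for two requirements stated above (the Security Fabric must stay enabled, and a device with configuration-sync set to local needs its own FortiAnalyzer entry). The block names `config system csf` and `config log fortianalyzer setting` and the `status` and `server` settings are assumed from the FortiOS CLI, and the sample configuration is constructed.

```python
import re

# Constructed sample excerpt of a FortiGate-6000/7000 config backup (not real data).
# Assumption: block and setting names follow the FortiOS CLI; only
# "configuration-sync" set to "local" appears on the page itself.
SAMPLE_CONFIG = """\
config system csf
    set status enable
    set group-name "SLBC"
    set configuration-sync local
end
config log fortianalyzer setting
    set status disable
end
"""

def parse_sections(text):
    """Map each top-level 'config ...' block to its {setting: value} pairs."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = sections.setdefault(line[len("config "):], {})
        elif line == "end":
            depth -= 1
        elif depth == 1:
            m = re.match(r"set (\S+) (.*)", line)
            if m:  # nested blocks (depth > 1) are skipped on purpose
                current[m.group(1)] = m.group(2).strip('"')
    return sections

def audit_fabric(text):
    """Return findings for the Security Fabric requirements described above."""
    cfg = parse_sections(text)
    csf = cfg.get("system csf", {})
    faz = cfg.get("log fortianalyzer setting", {})
    findings = []
    # Only an explicit "disable" is flagged; an absent line is left alone.
    if csf.get("status") == "disable":
        findings.append("Security Fabric disabled: required for normal SLBC operation")
    # The page gives "local" as the platform default, so absent means local.
    sync_local = csf.get("configuration-sync", "local") == "local"
    faz_local = faz.get("status") == "enable" and bool(faz.get("server"))
    if sync_local and not faz_local:
        findings.append("configuration-sync is local: add a FortiAnalyzer on this device")
    return findings
```

Calling `audit_fabric(SAMPLE_CONFIG)` reports the missing local FortiAnalyzer, because the sample device will not inherit that setting from the root FortiGate.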
