
FortiGate-7000E Handbook

Multi VDOM mode and the Security Fabric

When operating in Multi VDOM mode, the FortiGate-7000 uses the Security Fabric for communication and synchronization among the FIMs and FPMs. By default, the Security Fabric is enabled. You can verify this from the GUI by going to Security Fabric > Fabric Connectors > Security Fabric Setup and verifying that Status is set to Enabled.

You can also verify the default Security Fabric configuration from the CLI:

config system csf
    set status enable
    set upstream-ip 0.0.0.0
    set upstream-port 8013
    set group-name "SLBC"
    set group-password <password>
    set configuration-sync local
    set management-ip <ip-address>
    set management-port 44300
end

The management-ip is set to the IP address of the mgmt interface.

While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the CLI or the FortiGate Telemetry configuration from the GUI. You also cannot add the FortiGate-7000 to a Security Fabric, and Multi VDOM mode does not support the Security Rating feature.

Note: The Security Rating feature is available in Split-Task VDOM mode.

You can go to Security Fabric > Fabric Connectors > Security Fabric Setup to enable and configure FortiAnalyzer logging.

Multi VDOM mode also supports other configurations on the Security Fabric menu, including viewing the Physical Topology and Local Topology and configuring Automation, Fabric Connectors, and External Connectors.
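
Because the Security Fabric settings should stay at their defaults in Multi VDOM mode, a saved CLI capture can be checked for drift against the listing above. The following is an added example, not part of the Fortinet handbook: it assumes the capture lists every option (as `show full-configuration` output does), and `parse_csf`, `audit_csf` and the sample values are illustrative names and constructed data.

```python
import re

EXPECTED = {  # defaults from the CLI listing on this page (Multi VDOM mode)
    "status": "enable", "upstream-ip": "0.0.0.0", "upstream-port": "8013",
    "group-name": "SLBC", "configuration-sync": "local", "management-port": "44300"}
REQUIRED = ("group-password", "management-ip")  # site-specific: presence only

def parse_csf(config_text):
    """Return top-level 'set' options of 'config system csf', or None if absent."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    if "config system csf" not in lines:
        return None
    settings, depth = {}, 1
    for line in lines[lines.index("config system csf") + 1:]:
        if line.startswith("config "):
            depth += 1                  # nested table: its options are skipped
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and (m := re.match(r"set\s+(\S+)\s+(.*)", line)):
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_csf(config_text):
    """List deviations from the documented defaults (empty list: no drift)."""
    settings = parse_csf(config_text)
    if settings is None:
        return ["config system csf block not found"]
    findings = [f"{k}: expected {v!r}, found {settings.get(k)!r}"
                for k, v in EXPECTED.items() if settings.get(k) != v]
    return findings + [f"{k}: not set" for k in REQUIRED if not settings.get(k)]

# Constructed sample (not from a real device); upstream-ip has drifted.
SAMPLE = """config system csf
    set status enable
    set upstream-ip 192.0.2.10
    set upstream-port 8013
    set group-name "SLBC"
    set group-password ENC constructed-placeholder
    set configuration-sync local
    set management-ip 198.51.100.5
    set management-port 44300
    config trusted-list
        edit "CONSTRUCTED-SERIAL"
            set action accept
        next
    end
end"""
print("\n".join(audit_csf(SAMPLE)))
```

The password and management IP are only checked for presence, since their values differ per chassis.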
