Multi VDOM mode and the Security Fabric
When operating in Multi VDOM mode, the FortiGate-7000 uses the Security Fabric for communication and synchronization among the FIMs and FPMs. By default, the Security Fabric is enabled. You can verify this from the GUI by going to Security Fabric > Fabric Connectors > Security Fabric Setup and verifying that Status is set to Enabled.
You can also verify the default Security Fabric configuration from the CLI:
config system csf
set status enable
set upstream-ip 0.0.0.0
set upstream-port 8013
set group-name "SLBC"
set group-password <password>
set configuration-sync local
set management-ip <ip-address>
set management-port 44300
end
The management-ip
is set to the IP address of the mgmt interface.
While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the CLI or the FortiGate Telemetry configuration from the GUI. And you cannot add the FortiGate-7000 to a Security Fabric. Multi VDOM mode also does not support the Security Rating feature.
The Security Rating feature is available in Split-Task VDOM mode. |
You can go to Security Fabric > Fabric Connectors > Security Fabric Setup to enable and configure FortiAnalyzer logging.
Multi VDOM mode also supports other configurations on the Security Fabric menu, including viewing the Physical Topology and Local Topology and configuring Automation, Fabric Connectors, and External Connectors.