
FortiGate-7000E Handbook

Security Fabric and Split-Task VDOM mode

FortiGate-7000E supports the Fortinet Security Fabric and all Security Fabric related features including Security Rating. To support the Security Fabric, you must switch the FortiGate-7000E to operate in Split-Task VDOM mode.

Note

In both VDOM modes the Security Fabric must be enabled for normal SLBC operation. See Multi VDOM mode and the Security Fabric for details.

Begin setting up the Security Fabric for your FortiGate-7000E by going to Security Fabric > Fabric Connectors and adding a FortiAnalyzer. Once the FortiAnalyzer is added, you can continue configuring the Security Fabric in the same way as any FortiGate device. The FortiGate-7000E can serve as the Security Fabric root or join an existing fabric. For more information, see Fortinet Security Fabric.

When setting up a Security Fabric that includes FortiGate-7000Es:

  • The root FortiGate must have a Fabric name (also called a group name). You can use the default Fabric name (SLBC) or change it to a custom name.
  • A non-root FortiGate can have a different or blank Fabric name as long as the non-root FortiGate is authorized by the root FortiGate.
  • When you add a FortiGate-7000E to an existing fabric, some Security Fabric topologies show the FIMs and FPMs as individual components in the topology. On the root FortiGate you only need to authorize the primary FIM. All of the other FIMs and FPMs are then automatically authorized.
  • You can click on any FIM or FPM and select Login to log into that component using the special management port number.
  • When adding a FortiGate-7000E to an existing security fabric, you must manually add a FortiAnalyzer to the FortiGate-7000E configuration. This is required because the default FortiGate-7000E security fabric configuration has configuration-sync set to local, so the FortiGate-7000E doesn't receive security fabric configuration settings, such as the FortiAnalyzer configuration, from the root FortiGate.
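The last point is easy to miss during a fabric join, so it is worth checking in a configuration backup. The following Python sketch is an added example, not Fortinet code: it parses a backup excerpt and reports when configuration-sync is local but no FortiAnalyzer is configured locally. The sample configuration is constructed, the section names `system csf` and `log fortianalyzer setting` are the standard FortiOS CLI paths, and treating a missing configuration-sync line as local is an assumption based on the default described above.

```python
import shlex

# Constructed sample: excerpt in FortiOS backup syntax (not from a real device).
SAMPLE_CONFIG = '''
config system csf
    set status enable
    set group-name "SLBC"
    set configuration-sync local
end
config log fortianalyzer setting
    set status disable
end
'''

def parse_sections(text):
    """Return {section path: {key: value}} for 'set' lines inside config blocks."""
    sections, stack = {}, []
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:
            continue  # skip lines with unbalanced quotes (multi-line values)
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))
            sections.setdefault(" / ".join(stack), {})
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif tokens[0] == "set" and len(tokens) >= 2 and stack:
            sections[" / ".join(stack)][tokens[1]] = " ".join(tokens[2:])
    return sections

def audit_fabric_logging(text):
    """Flag a fabric member that cannot inherit FortiAnalyzer settings and has none."""
    s = parse_sections(text)
    csf = s.get("system csf", {})
    faz = s.get("log fortianalyzer setting", {})
    findings = []
    if csf.get("status") != "enable":
        findings.append("Security Fabric is not enabled")
    # Assumption: an absent line means the FortiGate-7000E default, local.
    local_sync = csf.get("configuration-sync", "local") == "local"
    faz_ok = faz.get("status") == "enable" and bool(faz.get("server"))
    if local_sync and not faz_ok:
        findings.append("configuration-sync is local and no FortiAnalyzer is configured locally")
    return findings

if __name__ == "__main__":
    print(audit_fabric_logging(SAMPLE_CONFIG))
```

An empty list means the excerpt has the fabric enabled and a local FortiAnalyzer server set.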
