FortiGate-7000F Handbook

Multi VDOM mode and the Security Fabric


When operating in Multi VDOM mode, the FortiGate-7000F uses the Security Fabric for communication and synchronization among the FIMs and FPMs. By default, the Security Fabric is enabled, and you should not change the Security Fabric configuration.

You can verify the default Security Fabric configuration from the CLI:

config system csf
    set status enable
    set upstream-ip 0.0.0.0
    set upstream-port 8013
    set group-name "SLBC"
    set group-password <password>
    set accept-auth-by-cert enable
    set log-unification disable
    set management-ip <ip-address>
    set management-port 44300
    set authorization-request-type serial
    set fabric-workers 2
    set configuration-sync local
    set fabric-object-unification default
end

The management-ip is set to the IP address of the mgmt1 interface of the FIM in slot 1.
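Because this configuration should stay at its defaults, a saved copy of the CLI output can be checked for drift automatically. The following is an added example, not part of the Fortinet handbook: it assumes the block has been captured as plain text, and the names parse_csf, find_drift, PAGE_DEFAULT and SAMPLE are hypothetical.

```python
import re

# Default block from this page; <password> and <ip-address> are its placeholders.
PAGE_DEFAULT = """config system csf
    set status enable
    set upstream-ip 0.0.0.0
    set upstream-port 8013
    set group-name "SLBC"
    set group-password <password>
    set accept-auth-by-cert enable
    set log-unification disable
    set management-ip <ip-address>
    set management-port 44300
    set authorization-request-type serial
    set fabric-workers 2
    set configuration-sync local
    set fabric-object-unification default
end"""
SITE_SPECIFIC = ("group-password", "management-ip")  # checked for presence only

def parse_csf(text):
    """Return {option: value} for top-level 'set' lines in 'config system csf'."""
    settings, depth = {}, -1                 # -1: block not seen yet
    for line in (l.strip() for l in text.splitlines()):
        if depth < 0:
            depth = 0 if line == "config system csf" else -1
        elif line.startswith("config "):
            depth += 1                       # nested table inside the block
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

BASELINE = {k: v for k, v in parse_csf(PAGE_DEFAULT).items() if k not in SITE_SPECIFIC}

def find_drift(text):
    """List (option, expected, actual) for each deviation from the page defaults."""
    actual = parse_csf(text)
    drift = [(k, v, actual.get(k)) for k, v in BASELINE.items() if actual.get(k) != v]
    return drift + [(k, "<set>", None) for k in SITE_SPECIFIC if k not in actual]

# Constructed sample: the default block with two options changed.
SAMPLE = (PAGE_DEFAULT.replace("log-unification disable", "log-unification enable")
          .replace("configuration-sync local", "configuration-sync default"))
print(find_drift(SAMPLE))
```

An empty result from find_drift means every option matches the defaults listed above and both site-specific values are set.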

While operating in Multi VDOM mode, you should not change the Security Fabric configuration from the . And you cannot add the FortiGate-6000 to a Security Fabric. Multi VDOM mode supports the Security Rating feature.

You can go to Security Fabric > Fabric Connectors > FortiAnalyzer Logging to enable and configure FortiAnalyzer logging.

Multi VDOM mode also supports other configurations on the Security Fabric menu, including viewing the Physical Topology and Local Topology and configuring Security Rating, Automation, Fabric Connectors, and External Connectors.
