Configuring External

In the Security Fabric, External is the root FortiGate. This FortiGate receives information from the other FortiGates in the Security Fabric and is used to run the Security Fabric Audit.

In this example, the following interfaces on External connect to other network devices:

  • Port 9 connects to the Internet (this interface was configured when External was initially installed).
  • Port 10 connects to Accounting (IP address: 192.168.10.2).
  • Port 11 connects to Marketing (IP address: 192.168.200.2).
  • Port 16 connects to the FortiAnalyzer (IP address: 192.168.55.2).

  1. On External, go to Network > Interfaces and edit port 10.
  2. Set an IP/Network Mask for the interface. In this example, 192.168.10.2/255.255.255.0.
  3. Under Administrative Access, enable FortiTelemetry, which is required for communication between FortiGates in the Security Fabric.

  4. Repeat these steps to configure the other interfaces with the appropriate IP addresses.
  5. Go to Policy & Objects > IPv4 Policy and create a policy for traffic from Accounting to the Internet. Ensure NAT is enabled.

  6. Repeat this step to create a similar policy for Marketing.
  7. Still on External, go to System > Feature Visibility, and under Additional Features, enable Multiple Interface Policies.

  8. Go to Policy & Objects > IPv4 Policy and create a policy allowing Accounting and Marketing to access the FortiAnalyzer.

  9. To enable communication between the FortiGates in the Security Fabric, go to Security Fabric > Settings and enable FortiGate Telemetry.

    Set a Group name and Group password.

    FortiAnalyzer Logging is enabled by default.

    Set IP address to an internal address that will later be assigned to port 1 on the FortiAnalyzer (in this example, 192.168.55.10).

  10. Click Test Connectivity.

    An error appears because the FortiGate is not yet authorized on the FortiAnalyzer. This authorization will be configured in a later step.
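
The addressing in this example can be checked for consistency before it is entered on External. The following Python script is an added example, not part of the Fortinet cookbook; it assumes ports 11 and 16 use the same 255.255.255.0 mask the page gives for port 10, and its function and variable names are illustrative.

```python
import ipaddress

# Interface addresses on External, taken from the example above. Only port 10's
# mask (255.255.255.0) is stated on the page; the masks for ports 11 and 16 are
# assumed to match it.
EXTERNAL_INTERFACES = {
    "port10": "192.168.10.2/255.255.255.0",   # Accounting
    "port11": "192.168.200.2/255.255.255.0",  # Marketing (mask assumed)
    "port16": "192.168.55.2/255.255.255.0",   # FortiAnalyzer (mask assumed)
}
FORTIANALYZER_IP = "192.168.55.10"  # address set under Security Fabric > Settings


def check_address_plan(interfaces, analyzer_ip, analyzer_port="port16"):
    """Return a list of problems found in the plan (empty list means consistent)."""
    problems = []
    parsed = {name: ipaddress.ip_interface(cidr) for name, cidr in interfaces.items()}

    # Overlapping subnets on two ports make routing between segments ambiguous.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].network.overlaps(parsed[b].network):
                problems.append(f"{a} and {b} overlap: {parsed[a].network} / {parsed[b].network}")

    # An interface needs a usable host address, not the network or broadcast address.
    for name, iface in parsed.items():
        if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
            problems.append(f"{name} uses a reserved address: {iface.ip}")

    # The FortiAnalyzer must sit on the subnet of the port it is cabled to,
    # and must not reuse the FortiGate's own address on that port.
    faz = ipaddress.ip_address(analyzer_ip)
    port = parsed[analyzer_port]
    if faz not in port.network:
        problems.append(f"FortiAnalyzer {faz} is outside {analyzer_port} subnet {port.network}")
    elif faz == port.ip:
        problems.append(f"FortiAnalyzer {faz} duplicates the {analyzer_port} address")
    return problems


if __name__ == "__main__":
    issues = check_address_plan(EXTERNAL_INTERFACES, FORTIANALYZER_IP)
    print("address plan OK" if not issues else "\n".join(issues))
```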
