Configuring Edge

In the Security Fabric, Edge is the root FortiGate. This FortiGate receives information from the other FortiGates in the Security Fabric.

In the example, the following interfaces on Edge connect to other network devices:

  • Port 9 connects to the Internet (this interface was configured when Edge was installed)
  • Port 10 connects to Accounting (IP address: 192.168.10.2)
  • Port 11 connects to Marketing (IP address: 192.168.200.2)
  • Port 16 connects to the FortiAnalyzer (IP address: 192.168.55.2)

  1. To edit port 10 on Edge, go to Network > Interfaces. Set an IP/Network Mask for the interface (in the example, 192.168.10.2/255.255.255.0).

  2. Set Administrative Access to allow FortiTelemetry, which is required so that FortiGate devices in the Security Fabric can communicate with each other.

  3. Repeat the previous steps to configure the other interfaces with the appropriate IP addresses, as listed above.

  4. To create a policy for traffic from Accounting to the Internet, go to Policy & Objects > IPv4 Policy and select Create New.

  5. Set Incoming Interface to port 10 and Outgoing Interface to port 9.
  6. Enable NAT.

  7. Repeat the previous steps to create a similar policy for Marketing.

  8. On Edge, go to System > Feature Select. Under Additional Features, enable Multiple Interface Policies.

  9. To create a policy that allows Accounting and Marketing to access the FortiAnalyzer, go to Policy & Objects > IPv4 Policy.

  10. To enable communication between the FortiGate devices in the Security Fabric, go to Security Fabric > Settings and enable FortiGate Telemetry. Set a Group name and Group password (the Group password option isn’t available in FortiOS 6.0.3 and later).

  11. FortiAnalyzer Logging is enabled by default. Set IP address to an internal address that will later be assigned to port 1 on the FortiAnalyzer (in the example, 192.168.65.10). Set Upload option to Real Time.

  12. Select Test Connectivity. An error appears because the FortiGate isn’t yet authorized on the FortiAnalyzer. This authorization is configured in a later step.
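
An addressing sanity check for the plan above, added here as an example and not part of Fortinet's documentation: it confirms that the Edge interface subnets do not overlap and reports which interface, if any, is directly connected to the FortiAnalyzer logging address from step 11. The page states a mask only for port 10; the 255.255.255.0 mask on ports 11 and 16 and all function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Addresses as given on the page. Only port 10's mask is stated there;
# 255.255.255.0 on ports 11 and 16 is an assumption.
EDGE_INTERFACES = {
    "port10": "192.168.10.2/255.255.255.0",   # Accounting
    "port11": "192.168.200.2/255.255.255.0",  # Marketing
    "port16": "192.168.55.2/255.255.255.0",   # FortiAnalyzer
}
FORTIANALYZER_LOG_IP = "192.168.65.10"  # logging address from step 11


def connected_networks(interfaces):
    """Map each port to the subnet it is directly attached to."""
    return {port: ipaddress.ip_interface(addr).network
            for port, addr in interfaces.items()}


def overlapping_ports(interfaces):
    """Return pairs of ports whose subnets overlap (ambiguous routing)."""
    nets = connected_networks(interfaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def directly_connected_port(target, interfaces):
    """Return the port whose subnet contains target, or None."""
    ip = ipaddress.ip_address(target)
    for port, net in connected_networks(interfaces).items():
        if ip in net:
            return port
    return None


def audit(interfaces, log_target):
    """Collect addressing findings to resolve before testing connectivity."""
    findings = [f"{a} and {b} overlap" for a, b in overlapping_ports(interfaces)]
    if directly_connected_port(log_target, interfaces) is None:
        findings.append(f"{log_target} is not on any connected subnet; "
                        "a route is needed or an address should be rechecked")
    return findings


if __name__ == "__main__":
    for line in audit(EDGE_INTERFACES, FORTIANALYZER_LOG_IP) or ["plan is consistent"]:
        print(line)
```

Running the check before Test Connectivity separates an addressing or routing problem from the expected authorization error described in step 12.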
