Fortinet white logo
Fortinet white logo

Handbook

6.0.0

Fortinet Security Fabric

Fortinet Security Fabric

This section introduces new Security Fabric features in FortiOS 6.0.

Security Fabric automation

User-defined Automations allow you to improve response times to security events by automating the activities between devices in the Security Fabric. You can monitor events from any source in the Security Fabric and set up action responses to any destination. To create an Automation, you can set up a Trigger event and response Actions that cause the Security Fabric to respond in a predetermined way. From the root FortiGate, you can set up event triggers for the following event types: compromised host, event log, reboot, conserve mode, high CPU, license expiry, High Availability (HA) failover, and configuration changes. The workflows have the means to launch the following actions in response: email, FortiExplorer notification, AWS Lambda and webhook. Additional actions are available for compromised hosts, such as: access layer quarantine, quarantine FortiClient via EMS, and IP ban.

FortiOS 6.0.2 adds the ability to test automation stitches using the diagnose automation test command.

Security rating

The Security Rating feature (previously called the Security Fabric Audit) includes new security checks that can help you make improvements to your organization’s network, such as enforce password security, apply recommended login attempt thresholds, encourage two factor authentication, and more.

For more information, see the Fortinet Recommended Security Best Practices document.

Security rating FortiGuard service

Security Rating is now a subscription service that FortiGuard offers when you purchase a Security Rating license. This service allows you to:

  • Dynamically receive updates from FortiGuard.
  • Run Security Rating checks for each licensed device in a Security Fabric.
  • Run Security Rating checks in the background or on demand.
  • Submit rating scores to FortiGuard and receive rating scores from FortiGuard, for ranking customers by percentile.

Solution and service integration

In FortiOS 6.0, the Security Fabric extends to include more Fortinet products.

Wireless user quarantine

When you create or edit an SSID, you can enable the Quarantine Host option to quarantine devices that are connected in Tunnel-mode. The option to quarantine a device is available from the Topology and FortiView WiFi pages.

When a host is put into the quarantine VLAN, it gets an IP address from the quarantine VLAN DHCP server, and becomes part of the quarantined network.

For more information, see Features for high-density deployments.

Fortinet products can join the Security Fabric by serial number

Fortinet products can now easily and securely join the Security Fabric using an authorized device serial number.

For more information, see Using the Fortinet Security Fabric.

FortiMail integration

You can now add a FortiMail stats widget to the FortiGate Dashboard page to show mail detection stats from FortiMail. Other FortiMail integrations include the following:

  • A FortiMail section that displays the FortiMail name, IP address, login and password is now available in the Security Fabric Settings page.
  • FortiMail is now shown as a node in the topology tree view in the Fabric Settings page and in the Physical Topology and Logical Topology views.
  • The topology views now show the number of FortiMail devices in the Security Fabric in the device summary.

For more information, see Using the Fortinet Security Fabric.

Synchronize the FortiManager IP address among all Security Fabric members

When you add a FortiManager to the root FortiGate of the Security Fabric, its configuration is now automatically synchronized with all devices in the Security Fabric. Central management features are now configured from the Security Fabric Settings page.

For more information, see Using the Fortinet Security Fabric.

Improve FortiAP and FortiSwitch support in Security Fabric views

The Security Fabric widget on the dashboard and the Security Fabric Settings page now show the FortiAP and FortiSwitch devices in the Security Fabric.

  • You can now use new shortcuts to easily authorize any newly discovered devices and manage them.
  • Switch stacking is now supported in the Physical and Logical topology views, and Inter-switch Link (ISL-LAG) is now identified by a thicker single line.

For more information, see Using the Fortinet Security Fabric.

EMS server support in Security Fabric topology

The FortiClient Endpoint Management System (EMS) can be enabled in FortiClient Endpoint profiles. This feature allows you to maintain FortiClient endpoint protection from FortiClient EMS and dynamically push configuration changes from the EMS to FortiClient endpoints. EMS server support is also integrated with Security Fabric Automation.

For more information, see Using the Fortinet Security Fabric.

Multi-cloud support (Security Fabric connectors)

Security Fabric multi-cloud support adds Security Fabric connectors to the Security Fabric configuration. Security Fabric connectors allow you to integrate Application Centric Infrastructure (ACI), Amazon Web Services (AWS), Microsoft Azure, VMware NSX, and Nuage Virtualized Services Platform configurations into the Security Fabric.

Additionally Cloud init support for Azure is now native to the cloud. FortiGate VM for Azure also supports bootstrapping.

For more information, see Fabric Connectors.

Azure regional support

The Azure Security Fabric connector supports connecting to regional Azure public clouds. This change allows organizations in different regions to connect to their regional Azure public cloud if required for compliance or performance reasons.

For more information, see Fabric Connectors

GUI change for single sign-on configuration

In FortiOS 6.0.1, the options to configure single sign-on in the FortiGate GUI are now located in the Security Fabric > Fabric Connectors menu.

Fortinet Security Fabric

Fortinet Security Fabric

This section introduces new Security Fabric features in FortiOS 6.0.

Security Fabric automation

User-defined Automations allow you to improve response times to security events by automating the activities between devices in the Security Fabric. You can monitor events from any source in the Security Fabric and set up action responses to any destination. To create an Automation, you can set up a Trigger event and response Actions that cause the Security Fabric to respond in a predetermined way. From the root FortiGate, you can set up event triggers for the following event types: compromised host, event log, reboot, conserve mode, high CPU, license expiry, High Availability (HA) failover, and configuration changes. The workflows have the means to launch the following actions in response: email, FortiExplorer notification, AWS Lambda and webhook. Additional actions are available for compromised hosts, such as: access layer quarantine, quarantine FortiClient via EMS, and IP ban.

FortiOS 6.0.2 adds the ability to test automation stitches using the diagnose automation test command.

Security rating

The Security Rating feature (previously called the Security Fabric Audit) includes new security checks that can help you make improvements to your organization’s network, such as enforce password security, apply recommended login attempt thresholds, encourage two factor authentication, and more.

For more information, see the Fortinet Recommended Security Best Practices document.

Security rating FortiGuard service

Security Rating is now a subscription service that FortiGuard offers when you purchase a Security Rating license. This service allows you to:

  • Dynamically receive updates from FortiGuard.
  • Run Security Rating checks for each licensed device in a Security Fabric.
  • Run Security Rating checks in the background or on demand.
  • Submit rating scores to FortiGuard and receive rating scores from FortiGuard, for ranking customers by percentile.

Solution and service integration

In FortiOS 6.0, the Security Fabric extends to include more Fortinet products.

Wireless user quarantine

When you create or edit an SSID, you can enable the Quarantine Host option to quarantine devices that are connected in Tunnel-mode. The option to quarantine a device is available from the Topology and FortiView WiFi pages.

When a host is put into the quarantine VLAN, it gets an IP address from the quarantine VLAN DHCP server, and becomes part of the quarantined network.

For more information, see Features for high-density deployments.

Fortinet products can join the Security Fabric by serial number

Fortinet products can now easily and securely join the Security Fabric using an authorized device serial number.

For more information, see Using the Fortinet Security Fabric.

FortiMail integration

You can now add a FortiMail stats widget to the FortiGate Dashboard page to show mail detection stats from FortiMail. Other FortiMail integrations include the following:

  • A FortiMail section that displays the FortiMail name, IP address, login and password is now available in the Security Fabric Settings page.
  • FortiMail is now shown as a node in the topology tree view in the Fabric Settings page and in the Physical Topology and Logical Topology views.
  • The topology views now show the number of FortiMail devices in the Security Fabric in the device summary.

For more information, see Using the Fortinet Security Fabric.

Synchronize the FortiManager IP address among all Security Fabric members

When you add a FortiManager to the root FortiGate of the Security Fabric, its configuration is now automatically synchronized with all devices in the Security Fabric. Central management features are now configured from the Security Fabric Settings page.

For more information, see Using the Fortinet Security Fabric.

Improve FortiAP and FortiSwitch support in Security Fabric views

The Security Fabric widget on the dashboard and the Security Fabric Settings page now show the FortiAP and FortiSwitch devices in the Security Fabric.

  • You can now use new shortcuts to easily authorize any newly discovered devices and manage them.
  • Switch stacking is now supported in the Physical and Logical topology views, and Inter-switch Link (ISL-LAG) is now identified by a thicker single line.

For more information, see Using the Fortinet Security Fabric.

EMS server support in Security Fabric topology

The FortiClient Endpoint Management System (EMS) can be enabled in FortiClient Endpoint profiles. This feature allows you to maintain FortiClient endpoint protection from FortiClient EMS and dynamically push configuration changes from the EMS to FortiClient endpoints. EMS server support is also integrated with Security Fabric Automation.

For more information, see Using the Fortinet Security Fabric.

Multi-cloud support (Security Fabric connectors)

Security Fabric multi-cloud support adds Security Fabric connectors to the Security Fabric configuration. Security Fabric connectors allow you to integrate Application Centric Infrastructure (ACI), Amazon Web Services (AWS), Microsoft Azure, VMware NSX, and Nuage Virtualized Services Platform configurations into the Security Fabric.

Additionally Cloud init support for Azure is now native to the cloud. FortiGate VM for Azure also supports bootstrapping.

For more information, see Fabric Connectors.

Azure regional support

The Azure Security Fabric connector supports connecting to regional Azure public clouds. This change allows organizations in different regions to connect to their regional Azure public cloud if required for compliance or performance reasons.

For more information, see Fabric Connectors

GUI change for single sign-on configuration

In FortiOS 6.0.1, the options to configure single sign-on in the FortiGate GUI are now located in the Security Fabric > Fabric Connectors menu.