Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    6.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Leverage SAML to switch between Security Fabric FortiGates  6.2.1

    Leverage SAML to switch between Security Fabric FortiGates 6.2.1

    In the FortiGate GUI header, a dropdown menu is available for all FortiGates that are participating in the Security Fabric. You can use the dropdown menu to easily switch between all devices connected to the Security Fabric. Each item in the dropdown menu represents a FortiGate in the Security Fabric.

    Following is a summary of the new feature:

    Switching between FortiGates in a Security Fabric using the GUI

    To switch between FortiGates in a Security Fabric:
    1. Log in to a FortiGate in a Security Fabric by using SSO.
    2. In the banner, click the name of the FortiGate.

      A dropdown menu is displayed. The dropdown menu displays the root FortiGate as well as the downstream FortiGates in the Security Fabric.

    3. Hover over the name of a FortiGate.

      A tooltip about the FortiGate is displayed.

      Following is an example of the tooltip for a downstream FortiGate:

      Following is an example of the tooltip for another downstream FortiGate:

    4. Click a FortiGate to navigate to its management IP/FQDN without further authentication.

    Setting the IP/FQDN using the GUI

    To set the IP/FQDN using the GUI:
    1. Log into the root FortiGate, and go to Security Fabric > Settings.

      Beside Security Fabric role, Serve as Fabric Root is selected.

    2. Specify the management IP or FQDN:
      1. Beside Management IP/FQDN, click Specify.

        A box is displayed.

      2. In the box, type the management IP or FQDN.
      3. Beside Management Port, click Specify.

        A box is displayed.

      4. In the box, type the port number, and click Apply.
    3. On a downstream FortiGate, go to Security Fabric > Settings.

      Beside Security Fabric role, Join Existing Fabric is selected.

    4. Specify the management IP or FQDN:
      1. Beside Management IP/FQDN, click Specify.

        A box is displayed.

      2. In the box, type the management IP or FQDN.
      3. Beside Management Port, click Specify.

        A box is displayed.

      4. In the box, type the port number, and click Apply.

      If management IP/FQDN is not set on a FortiGate, the IP that it uses to connect to the Security Fabric is displayed as management IP, and a warning is displayed because administrators might be unable to access the IP by using a browser.

    Setting the IP/FQDN using the CLI

    To set the IP/FQDN using the CLI:
    1. On the root FortiGate, run the follow commands:

      config system csf

      set status enable

      set group-name "csf_script"

      set management-ip "172.17.48.225"

      set management-port 4431

      ......

      end

      config system csf

      set status enable

      set upstream-ip 10.2.200.1

      set management-ip "robot.csf"

      set management-port 4432

      end

    Customizing a root FortiGate using the GUI

    To customize a root FortiGate using the GUI:
    1. On a root FortiGate, click the dropdown menu in the banner, and hover over the root FortiGate.

      A summary pane is displayed.

    2. In the summary pane, click Customize.

      A Customize pane is displayed.

    3. Edit the settings, and click OK.

    Viewing a summary of all connected FortiGates in a Security Fabric using the CLI

    To view a summary of all connected FortiGates in a Security Fabric using the CLI:
    1. Go to a downstream FortiGate in the Security Fabric, and run the following command:

      FGTB-1 # diagnose sys csf global

      Current vision:

      [

      {

      "path":"FG3H1E5818900718",

      "mgmt_ip_str":"",

      "mgmt_port":0,

      "sync_mode":1,

      "saml_role":"disable",

      "admin_port":443,

      "serial":"FG3H1E5818900718",

      "host_name":"FGTA-1",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "subtree_members":[

      {

      "serial":"FG201ETK18902514"

      },

      {

      "serial":"FGT81ETK18002246"

      },

      {

      "serial":"FG101ETK18002187"

      }

      ]

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514",

      "mgmt_ip_str":"robot.csf",

      "mgmt_port":4432,

      "sync_mode":1,

      "saml_role":"service-provider",

      "admin_port":443,

      "serial":"FG201ETK18902514",

      "host_name":"FGTB-1",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"port2",

      "upstream_serial":"FG3H1E5818900718",

      "parent_serial":"FG3H1E5818900718",

      "parent_hostname":"FGTA-1",

      "upstream_status":"Authorized",

      "upstream_ip":29884938,

      "upstream_ip_str":"10.2.200.1",

      "subtree_members":[

      {

      "serial":"FGT81ETK18002246"

      },

      {

      "serial":"FG101ETK18002187"

      }

      ],

      "is_discovered":true,

      "ip_str":"10.2.200.2",

      "downstream_intf":"wan1",

      "idx":1

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514:FGT81ETK18002246",

      "mgmt_ip_str":"172.17.48.225",

      "mgmt_port":4434,

      "sync_mode":1,

      "saml_role":"service-provider",

      "admin_port":443,

      "serial":"FGT81ETK18002246",

      "host_name":"FGTD",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"vlan60",

      "upstream_serial":"FG201ETK18902514",

      "parent_serial":"FG201ETK18902514",

      "parent_hostname":"FGTB-1",

      "upstream_status":"Authorized",

      "upstream_ip":33990848,

      "upstream_ip_str":"192.168.6.2",

      "subtree_members":[

      ],

      "is_discovered":true,

      "ip_str":"192.168.6.4",

      "downstream_intf":"wan2",

      "idx":2

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514:FG101ETK18002187",

      "mgmt_ip_str":"",

      "mgmt_port":0,

      "sync_mode":1,

      "saml_role":"disable",

      "admin_port":443,

      "serial":"FG101ETK18002187",

      "host_name":"FGTC",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"vlan70",

      "upstream_serial":"FG201ETK18902514",

      "parent_serial":"FG201ETK18902514",

      "parent_hostname":"FGTB-1",

      "upstream_status":"Authorized",

      "upstream_ip":34056384,

      "upstream_ip_str":"192.168.7.2",

      "subtree_members":[

      ],

      "is_discovered":true,

      "ip_str":"192.168.7.3",

      "downstream_intf":"wan1",

      "idx":3

      }

      ]

    Previous
    Next

    Leverage SAML to switch between Security Fabric FortiGates  6.2.1

    Leverage SAML to switch between Security Fabric FortiGates 6.2.1

    In the FortiGate GUI header, a dropdown menu is available for all FortiGates that are participating in the Security Fabric. You can use the dropdown menu to easily switch between all devices connected to the Security Fabric. Each item in the dropdown menu represents a FortiGate in the Security Fabric.

    Following is a summary of the new feature:

    Switching between FortiGates in a Security Fabric using the GUI

    To switch between FortiGates in a Security Fabric:
    1. Log in to a FortiGate in a Security Fabric by using SSO.
    2. In the banner, click the name of the FortiGate.

      A dropdown menu is displayed. The dropdown menu displays the root FortiGate as well as the downstream FortiGates in the Security Fabric.

    3. Hover over the name of a FortiGate.

      A tooltip about the FortiGate is displayed.

      Following is an example of the tooltip for a downstream FortiGate:

      Following is an example of the tooltip for another downstream FortiGate:

    4. Click a FortiGate to navigate to its management IP/FQDN without further authentication.

    Setting the IP/FQDN using the GUI

    To set the IP/FQDN using the GUI:
    1. Log into the root FortiGate, and go to Security Fabric > Settings.

      Beside Security Fabric role, Serve as Fabric Root is selected.

    2. Specify the management IP or FQDN:
      1. Beside Management IP/FQDN, click Specify.

        A box is displayed.

      2. In the box, type the management IP or FQDN.
      3. Beside Management Port, click Specify.

        A box is displayed.

      4. In the box, type the port number, and click Apply.
    3. On a downstream FortiGate, go to Security Fabric > Settings.

      Beside Security Fabric role, Join Existing Fabric is selected.

    4. Specify the management IP or FQDN:
      1. Beside Management IP/FQDN, click Specify.

        A box is displayed.

      2. In the box, type the management IP or FQDN.
      3. Beside Management Port, click Specify.

        A box is displayed.

      4. In the box, type the port number, and click Apply.

      If management IP/FQDN is not set on a FortiGate, the IP that it uses to connect to the Security Fabric is displayed as management IP, and a warning is displayed because administrators might be unable to access the IP by using a browser.

    Setting the IP/FQDN using the CLI

    To set the IP/FQDN using the CLI:
    1. On the root FortiGate, run the follow commands:

      config system csf

      set status enable

      set group-name "csf_script"

      set management-ip "172.17.48.225"

      set management-port 4431

      ......

      end

      config system csf

      set status enable

      set upstream-ip 10.2.200.1

      set management-ip "robot.csf"

      set management-port 4432

      end

    Customizing a root FortiGate using the GUI

    To customize a root FortiGate using the GUI:
    1. On a root FortiGate, click the dropdown menu in the banner, and hover over the root FortiGate.

      A summary pane is displayed.

    2. In the summary pane, click Customize.

      A Customize pane is displayed.

    3. Edit the settings, and click OK.

    Viewing a summary of all connected FortiGates in a Security Fabric using the CLI

    To view a summary of all connected FortiGates in a Security Fabric using the CLI:
    1. Go to a downstream FortiGate in the Security Fabric, and run the following command:

      FGTB-1 # diagnose sys csf global

      Current vision:

      [

      {

      "path":"FG3H1E5818900718",

      "mgmt_ip_str":"",

      "mgmt_port":0,

      "sync_mode":1,

      "saml_role":"disable",

      "admin_port":443,

      "serial":"FG3H1E5818900718",

      "host_name":"FGTA-1",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "subtree_members":[

      {

      "serial":"FG201ETK18902514"

      },

      {

      "serial":"FGT81ETK18002246"

      },

      {

      "serial":"FG101ETK18002187"

      }

      ]

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514",

      "mgmt_ip_str":"robot.csf",

      "mgmt_port":4432,

      "sync_mode":1,

      "saml_role":"service-provider",

      "admin_port":443,

      "serial":"FG201ETK18902514",

      "host_name":"FGTB-1",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"port2",

      "upstream_serial":"FG3H1E5818900718",

      "parent_serial":"FG3H1E5818900718",

      "parent_hostname":"FGTA-1",

      "upstream_status":"Authorized",

      "upstream_ip":29884938,

      "upstream_ip_str":"10.2.200.1",

      "subtree_members":[

      {

      "serial":"FGT81ETK18002246"

      },

      {

      "serial":"FG101ETK18002187"

      }

      ],

      "is_discovered":true,

      "ip_str":"10.2.200.2",

      "downstream_intf":"wan1",

      "idx":1

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514:FGT81ETK18002246",

      "mgmt_ip_str":"172.17.48.225",

      "mgmt_port":4434,

      "sync_mode":1,

      "saml_role":"service-provider",

      "admin_port":443,

      "serial":"FGT81ETK18002246",

      "host_name":"FGTD",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"vlan60",

      "upstream_serial":"FG201ETK18902514",

      "parent_serial":"FG201ETK18902514",

      "parent_hostname":"FGTB-1",

      "upstream_status":"Authorized",

      "upstream_ip":33990848,

      "upstream_ip_str":"192.168.6.2",

      "subtree_members":[

      ],

      "is_discovered":true,

      "ip_str":"192.168.6.4",

      "downstream_intf":"wan2",

      "idx":2

      },

      {

      "path":"FG3H1E5818900718:FG201ETK18902514:FG101ETK18002187",

      "mgmt_ip_str":"",

      "mgmt_port":0,

      "sync_mode":1,

      "saml_role":"disable",

      "admin_port":443,

      "serial":"FG101ETK18002187",

      "host_name":"FGTC",

      "firmware_version_major":6,

      "firmware_version_minor":2,

      "firmware_version_patch":0,

      "firmware_version_build":923,

      "upstream_intf":"vlan70",

      "upstream_serial":"FG201ETK18902514",

      "parent_serial":"FG201ETK18902514",

      "parent_hostname":"FGTB-1",

      "upstream_status":"Authorized",

      "upstream_ip":34056384,

      "upstream_ip_str":"192.168.7.2",

      "subtree_members":[

      ],

      "is_discovered":true,

      "ip_str":"192.168.7.3",

      "downstream_intf":"wan1",

      "idx":3

      }

      ]

    Previous
    Next