
Administration Guide

Configuring FortiNDR


FortiNDR can be added to the Security Fabric so it appears in the topology views and the dashboard widgets.

To add FortiNDR to the Security Fabric in the GUI:
  1. Enable the Security Fabric and configure the interface to allow other Security Fabric devices to join (see Configuring the root FortiGate and downstream FortiGates).

  2. Install the FortiNDR appliance and activate the product with a valid license (see Registering products in the Asset Management Guide). A license file is provided after the product is registered.
  3. In FortiNDR, go to System > FortiGuard and verify that the pre-trained models (engines) are up to date. Refer to the FortiGuard website for the latest FortiNDR ANN versions.

  4. Configure and authorize the FortiGate in the FortiNDR GUI to join the Security Fabric:
    1. Go to Security Fabric > Fabric Connectors and double-click the connector card.
    2. Click the toggle to Enable Security Fabric.
    3. Enter the IP addresses for the root FortiGate and the FortiNDR.

    4. Click OK. The FortiNDR is now authorized.
  5. Authorize the FortiNDR in FortiOS:
    1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    2. In the topology tree, click the highlighted FortiNDR serial number and select Authorize.

    3. Click Accept to verify the device certificate.

      The Security Fabric widget on the dashboard also updates when the FortiNDR is authorized.

  6. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology to view more information.

To add FortiNDR to the Security Fabric in the CLI:
  1. Configure the interface to allow other Security Fabric devices to join:
    config system interface
        edit "port1"
            ...
            set allowaccess ping https ssh http fgfm fabric
            ...
        next
    end
  2. Enable the Security Fabric:
    config system csf
        set status enable
        set group-name "fabric-ai"
    end
  3. In FortiNDR, configure the device to join the Security Fabric:
    config system csf
        set status enable
        set upstream-ip 10.6.30.14
        set managment-ip 10.6.30.251
    end
  4. Authorize the FortiNDR in FortiOS:
    config system csf
        set status enable
        set group-name "fabric-ai"
        config trusted-list
            edit "FAIVMSTM21000000"
                set authorization-type certificate
                set certificate "*******************"
            next
        end
    end
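
An added example, not part of the Fortinet guide: a Python check that parses a FortiOS configuration backup and confirms the settings the CLI steps above put in place (fabric access on the interface, Security Fabric enabled with a group name, trusted-list entries authorized by certificate). The sample configuration is constructed from the values on this page; the function names and the extra `http` finding are assumptions of this example.

```python
import re
# Constructed sample: the FortiOS-side settings from the CLI steps (certificate masked).
SAMPLE = '''
config system interface
    edit "port1"
        set allowaccess ping https ssh http fgfm fabric
    next
end
config system csf
    set status enable
    set group-name "fabric-ai"
    config trusted-list
        edit "FAIVMSTM21000000"
            set authorization-type certificate
            set certificate "*******************"
        next
    end
end
'''

def parse(text):
    """Turn config/edit/set/next/end nesting into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if len(tok) >= 2 and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif len(tok) >= 2 and tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok and tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(text, port="port1"):
    """List gaps in the Security Fabric settings that the CLI steps configure."""
    cfg, out = parse(text), []
    access = cfg.get("system interface", {}).get(port, {}).get("allowaccess", [])
    if "fabric" not in access:
        out.append(f"{port}: allowaccess lacks fabric")
    if "http" in access:  # added hardening check, not a step from the guide
        out.append(f"{port}: allowaccess includes http")
    csf = cfg.get("system csf", {})
    if csf.get("status") != ["enable"] or not csf.get("group-name"):
        out.append("csf: not enabled or group-name missing")
    trusted = csf.get("trusted-list", {})
    out += [] if trusted else ["csf: trusted-list is empty"]
    out += [f"{serial}: not authorized by certificate" for serial, e in trusted.items()
            if e.get("authorization-type") != ["certificate"] or not e.get("certificate")]
    return out
```

Run `audit()` on the text of a configuration backup; an empty list means every setting from the procedure is present.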
