
Administration Guide

Configuring pre-authorization of supported Security Fabric devices


When the serial number or certificate for a supported Security Fabric device is added to the trusted list on the root FortiGate, the device can join the Security Fabric as soon as it connects.

Pre-authorization is optional. When a supported Security Fabric device connects to the Security Fabric without pre-authorization configured, you can manually authorize the device in FortiOS. See Authorizing supported connectors.

Note

Before you can configure pre-authorization with a certificate, you must download the certificate for the device to your management computer.

To configure pre-authorization in the GUI:
  1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

  2. In the Device authorization field, click Edit. The Device Authorization pane opens.

  3. Click Create New to add a new device for pre-authorization.

  4. Enter the device name in the Name field.

  5. Select the Authorization type, either Serial Number or Certificate.

  6. If Certificate is selected, click Browse to upload the certificate from the management computer for the supported Security Fabric device.

  7. Set the Action to Accept.

  8. Click OK and add more devices as required.

  9. Click OK.

To configure pre-authorization in the CLI:

This example shows how to configure pre-authorization of a FortiVoice with a certificate.

config system csf
    config trusted-list
        edit "<name>"            
            set action accept
            set authorization-type certificate
            set certificate "-----BEGIN CERTIFICATE-----
...
<encrypted_certificate_data>
...
-----END CERTIFICATE-----"
        next
    end
end
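
Before an exported certificate is pasted into the trusted list, it helps to confirm that the file holds exactly one well-formed Base-64 certificate and to record its SHA-256 fingerprint for comparison with the value shown on the device itself. The Python below is an added example, not Fortinet code: the function names and the entry-name character check are assumptions, the sample data is a constructed stand-in rather than a real certificate, and the structural check covers only the outer DER element, not the X.509 fields.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

# Constructed stand-in, not a real certificate: Base-64 of DER bytes 30 03 02 01 01.
SAMPLE_CER = "-----BEGIN CERTIFICATE-----\r\nMAMCAQE=\r\n-----END CERTIFICATE-----\r\n"

def load_single_cert(pem_text):
    """Return DER bytes of the one certificate in an exported Base-64 .CER file."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("certificate body is not valid Base-64") from exc
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    first = der[1]
    n = first - 0x80 if first > 0x80 else 0        # count of long-form length octets
    length = int.from_bytes(der[2:2 + n], "big") if n else first
    if first == 0x80 or len(der) != 2 + n + length:  # indefinite, truncated or padded
        raise ValueError("DER length does not match the data")
    return der

def fingerprint(der):
    """SHA-256 fingerprint, colon-separated, for out-of-band comparison."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def trusted_list_entry(name, der):
    """Render the CLI stanza from this page for one pre-authorized device."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):  # assumed charset, not a FortiOS rule
        raise ValueError("unexpected characters in entry name")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"
    return "\n".join([
        "config system csf",
        "    config trusted-list",
        f'        edit "{name}"',
        "            set action accept",
        "            set authorization-type certificate",
        f'            set certificate "{pem}"',
        "        next",
        "    end",
        "end",
    ])
```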

Pre-authorizing using the FortiMail certificate

In this example, FortiMail is configured for pre-authorization using a certificate.

To pre-authorize FortiMail using a third-party or default certificate:
  1. Log in to FortiMail.
  2. Download the certificate. For example, in Chrome:
    1. On the left side of the address bar, click the icon to view the site information.
    2. Click Certificate.
    3. Click the Details tab, then click Copy to File.

    4. The Certificate Export Wizard opens. Click Next to continue.
    5. For the file format, select Base-64 encoded X.509 (.CER), then click Next.

    6. Browse to the folder location and enter a file name, then click Next.
    7. Click Finish, then click OK to close the dialog box.
  3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
  4. Beside Device authorization, click Edit > Create New and configure the following:
    1. Enter the FortiMail serial number.
    2. Set the Authorization type to Certificate.
    3. Click Browse to upload the .CER file you saved previously.

    4. Click OK.

Pre-authorizing using the FortiVoice certificate

In this example, FortiVoice is configured for pre-authorization using a certificate.

To pre-authorize a FortiVoice using a third-party or default certificate in the GUI:
  1. Log in to the FortiVoice.

  2. Download the certificate. For example, in Chrome:

    1. On the left side of the address bar, click the icon to view the site information.

    2. Click Certificate.

    3. In the Certificate window, click the Details tab, then click Copy to File.

    4. The Certificate Export Wizard opens. Click Next.

    5. Set the format to Base-64 encoded X.509 (.CER), then click Next.

    6. Browse to the folder location, enter a file name, then click Next.

    7. Click Finish, then click OK to close the wizard.

  3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

  4. Beside Device authorization, click Edit.

  5. Click Create New and enter the following:

    1. In the Name field, enter the FortiVoice serial number.

    2. Set the Authorization type to Certificate.

    3. Upload the .CER file.

    4. Click OK, then close the Device authorization pane.

Pre-authorizing using the FortiWeb certificate

In this example, FortiWeb is configured for pre-authorization using a certificate.

To authorize a FortiWeb to join the Security Fabric in FortiOS:
  1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
  2. Beside Device authorization, click Edit. The Device authorization pane opens.
  3. Add the FortiWeb:
    1. Click Create New and enter a device name.
    2. For Authorization type, select Certificate.
    3. Click Browse to upload the certificate.
    4. For Action, select Accept.
    5. Click OK. The FortiWeb appears in the table.
