
Administration Guide

Components

Note

As part of improvements to reduce memory usage, FortiGate models with 2 GB RAM cannot be the root of the Security Fabric topology or any mid-tier part of the topology. They can only be configured as downstream devices in a Security Fabric or standalone devices. To use a FortiGate model with 2 GB RAM as a Fabric root, upgrade to FortiOS 7.4.2 or later, which supports up to five downstream devices.

The affected models are the FortiGate 40F, 60E, 60F, 80E and 90E series devices and their variants.

The Fortinet Security Fabric consists of different components that work together to secure your network.

The following devices are required to create a Security Fabric:

Device

Description

FortiGate

FortiGates are the core of the Security Fabric and can have one of the following roles:

  • Root: the root FortiGate is the main component in the Security Fabric. It is typically located on the edge of the network and connects the internal devices and networks to the internet through your ISP. From the root FortiGate, you can see information about the entire Security Fabric on the Physical and Logical Topology pages in the GUI.
  • Downstream: after a root FortiGate is installed, all other FortiGate devices in the Security Fabric act as Internal Segmentation Firewalls (ISFWs), located at strategic points in your internal network, rather than on the network edge. This allows extra security measures to be taken around key network components, such as servers that contain valuable intellectual property. ISFW FortiGates create network visibility by sending traffic and information about the devices that are connected to them to the root FortiGate.

See Configuring the root FortiGate and downstream FortiGates for more information about adding FortiGate devices in the Security Fabric.

FortiGate documentation: https://docs.fortinet.com/product/fortigate

FortiAnalyzer*

FortiAnalyzer gives you increased visibility into your network, centralized monitoring, and awareness of threats, events, and network activity by collecting and correlating logs from all Security Fabric devices. This gives you a deeper and more comprehensive view across the entire Security Fabric.

See Configuring FortiAnalyzer for more information about adding FortiAnalyzer devices in the Security Fabric.

FortiAnalyzer documentation: https://docs.fortinet.com/product/fortianalyzer

Cloud Logging*

There are two options for cloud logging: FortiAnalyzer Cloud and FortiGate Cloud. Either can be used to enable the Security Fabric root device; however, if using FortiGate Cloud, all downstream devices must belong to the same FortiCloud account.

See Configuring cloud logging for more information about configuring a Security Fabric with FortiGate Cloud.

FortiGate Cloud documentation: https://docs.fortinet.com/product/fortigate-cloud

* FortiAnalyzer or Cloud Logging is a required component for the Security Fabric. Either FortiAnalyzer, FortiAnalyzer Cloud, or FortiGate Cloud can be used to meet this requirement.

The following devices are recommended:

Device

Description

FortiClient

FortiClient adds endpoint control to devices that are located in the Security Fabric, allowing only traffic from compliant devices to flow through the FortiGate. FortiClient compliance profiles are applied by the first FortiGate that a device’s traffic flows through. Device registration and on-net status information for a device that is running FortiClient appears only on the FortiGate that applies the FortiClient profile to that device.

FortiClient documentation: https://docs.fortinet.com/product/forticlient

FortiClient EMS

FortiClient EMS is used in the Security Fabric to provide visibility across your network, securely share information, and assign security profiles to endpoints.

See Configuring FortiClient EMS for more information about adding FortiClient EMS devices in the Security Fabric.

FortiClient EMS documentation: https://docs.fortinet.com/product/forticlient

FortiAP

Add FortiAP devices to extend the Security Fabric to your wireless devices. Devices connected to a FortiAP appear in the Physical and Logical Topology pages in the Security Fabric menu.

See Configuring LAN edge devices for more information about adding FortiAP devices in the Security Fabric.

FortiAP documentation: https://docs.fortinet.com/product/fortiap

FortiSwitch

A FortiSwitch can be added to the Security Fabric when it is managed, using the FortiLink protocol, by a FortiGate that is in the Security Fabric, and is connected to an interface with Security Fabric Connection enabled. FortiSwitch ports become logical extensions of the FortiGate.

Devices connected to the FortiSwitch appear in the Physical and Logical Topology pages in the Security Fabric menu, and security features, such as FortiClient compliance profiles, are applied to them.

See Configuring LAN edge devices for more information about adding FortiSwitch devices in the Security Fabric.

FortiSwitch documentation: https://docs.fortinet.com/product/fortiswitch

FortiExtender

FortiExtender cellular gateways provide ultra-fast LTE and 5G wireless to connect and scale any WAN edge.

See Configuring LAN edge devices for more information about adding FortiExtender devices in the Security Fabric.

FortiExtender documentation: https://docs.fortinet.com/product/fortiextender

FortiManager

Add FortiManager to simplify the network management of devices in the Security Fabric by centralizing management access in a single device. This allows you to easily control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for devices in the Security Fabric.

See Configuring central management for more information about adding FortiManager devices in the Security Fabric.

FortiManager documentation: https://docs.fortinet.com/product/fortimanager

FortiSandbox

Add FortiSandbox to your Security Fabric to improve security with sandbox inspection. Sandbox integration allows FortiGate devices in the Security Fabric to automatically receive signature updates from FortiSandbox and add the originating URL of any malicious file to a blocked URL list.

See Configuring sandboxing for more information about adding FortiSandbox devices in the Security Fabric.

FortiSandbox documentation: https://docs.fortinet.com/product/fortisandbox

FortiADC

FortiADC devices optimize the availability, user experience, and scalability of enterprise application delivery. They enable fast, secure, and intelligent acceleration and distribution of even the most demanding enterprise applications.

FortiADC documentation: https://docs.fortinet.com/product/fortiadc

FortiDDoS

FortiDDoS is a Network Behavior Anomaly (NBA) prevention system that detects and blocks attacks that intend to disrupt network service by overutilizing server resources.

FortiDDoS documentation: https://docs.fortinet.com/product/fortiddos

FortiDeceptor

FortiDeceptor automatically lays out a layer of decoys and lures, which helps conceal sensitive and critical assets behind a fabricated deception surface to confuse and redirect attackers while revealing their presence on your network.

See Configuring FortiDeceptor for more information about adding FortiDeceptor devices in the Security Fabric.

FortiDeceptor documentation: https://docs.fortinet.com/product/fortideceptor

FortiMail

FortiMail antispam processing helps offload this work from other devices in the Security Fabric that would typically carry it out.

See Configuring FortiMail for more information about adding FortiMail devices in the Security Fabric.

FortiMail documentation: https://docs.fortinet.com/product/fortimail

FortiMonitor

FortiMonitor is a holistic, SaaS-based digital experience and network performance monitoring solution. It facilitates deep analysis of both network health metrics and application performance to identify potential problem areas that impact user access.

See Configuring FortiMonitor for more information about adding FortiMonitor devices in the Security Fabric.

FortiMonitor documentation: https://docs.fortinet.com/product/fortimonitor

FortiNAC

FortiNAC gives all administrators visibility into everything connected to their network, and the ability to control those devices and users, including dynamic, automated responses.

See Configuring FortiNAC for more information about adding FortiNAC devices in the Security Fabric.

FortiNAC documentation: https://docs.fortinet.com/product/fortinac

FortiNDR

FortiNDR (formerly FortiAI) uses artificial neural networks (ANN) that can deliver sub-second malware detection and a verdict. Add FortiNDR to your Security Fabric to automatically quarantine attacks.

See Configuring FortiNDR for more information about adding FortiNDR devices in the Security Fabric.

FortiNDR documentation: https://docs.fortinet.com/product/fortindr

FortiPolicy

FortiPolicy is a containerized security platform that implements and automates security orchestration with full-flow inspection and segmented and microsegmented policy enforcement while auto-scaling to accommodate infrastructure changes.

See Configuring FortiPolicy for more information about adding FortiPolicy devices in the Security Fabric.

FortiPolicy documentation: https://docs.fortinet.com/product/fortipolicy

FortiTester

FortiTester can be used for performance testing and validating network security infrastructure and services. It provides a comprehensive range of application test cases to evaluate equipment and right-size infrastructure.

See Configuring FortiTester for more information about adding FortiTester devices in the Security Fabric.

FortiTester documentation: https://docs.fortinet.com/product/fortitester

FortiWeb

FortiWeb defends the application attack surface from attacks that target application exploits. You can also configure FortiWeb to apply web application firewall features, virus scanning, and web filtering to HTTP traffic, offloading these processes from other devices in the Security Fabric that would typically carry them out.

See Configuring FortiWeb for more information about adding FortiWeb devices in the Security Fabric.

FortiWeb documentation: https://docs.fortinet.com/product/fortiweb

FortiWLC

FortiWLC delivers seamless mobility and superior reliability with optimized client distribution and channel utilization. Both single-channel and multi-channel deployment options are supported, maximizing efficiency to make the most of available wireless spectrum.

FortiWLC documentation: https://docs.fortinet.com/product/wireless-controller

FortiVoice

FortiVoice includes integrated high-definition voice, conferencing, and fax capabilities that enable organizations to communicate and collaborate easily and securely.

See Configuring FortiVoice for more information about adding FortiVoice devices in the Security Fabric.

FortiVoice documentation: https://docs.fortinet.com/product/fortivoice-enterprise

Other Fortinet products

Other Fortinet products can be added to the Security Fabric, including FortiAuthenticator, FortiToken, FortiCache, and FortiSIEM.

Documentation: https://docs.fortinet.com/

Third-party products

Third-party products that belong to the Fortinet Fabric-Ready Partner Program can be added to the Security Fabric.
