Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.6.0 Administration Guide
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Configuring pre-authorization of supported Security Fabric devices

    Configuring pre-authorization of supported Security Fabric devices

    When the serial number or certificate for a supported Security Fabric device is added to the trusted list on the root FortiGate, the device can join the Security Fabric as soon as it connects.

    Pre-authorization is optional. When a supported Security Fabric device connects to the Security Fabric without pre-authorization configured, you can manually authorize the device in FortiOS. See Authorizing supported connectors.

    Note

    Before you can configure pre-authorization with a certificate, you must download the certificate for the device to your management computer.
    To configure pre-authorization in the GUI:

    1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

    2. In the Device authorization field and click Edit. The Device Authorization pane opens.

    3. Click Create New to add a new device for pre-authorization.

    4. Enter the device name in the Name field.

    5. Select the Authorization type, either Serial Number or Certificate.

    6. If Certificate is selected, click Browse to upload the certificate from the management computer for the supported Security Fabric device.

    7. Set the Action to Accept.

    8. Click OK and add more devices as required.

    9. Click OK.

    To configure pre-authorization in the CLI:

    This example shows how to configure pre-authorization of a FortiVoice with a certificate.

    config system csf
    config trusted-list
        edit "<name>"            
            set action accept
            set authorization-type certificate
            set certificate "-----BEGIN CERTIFICATE-----
...
<encrypted_certificate_data>
...
-----END CERTIFICATE-----"
        next
    end
end

    Pre-authorizing using the FortiMail certificate

    In this example, FortiMail is configured for pre-authorization using a certificate.

    To pre-authorize FortiMail using a third-party or default certificate:
    1. Log in to FortiMail.
    2. Download the certificate. For example, in Chrome:
      1. In the left side of the address bar, click the icon to view the site information.
      2. Click Certificate.
      3. Click the Details tab, then click Copy to File.

      4. The Certificate Export Wizard opens. Click Next to continue.
      5. For the file format, select Base-64 encoded X.509 (.CER), then click Next.

      6. Browse to the folder location and enter a file name, then click Next.
      7. Click Finish, then click OK to close the dialog box.
    3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    4. Beside Device authorization, click Edit > Create New and configure the following:
      1. Enter the FortiMail serial number.
      2. Set the Authorization type to Certificate.
      3. Click Browse to upload the .CER file you saved previously.

      4. Click OK.

    Pre-authorizing using the FortiVoice certificate

    In this example, FortiVoice is configured for pre-authorization using a certificate.

    To pre-authorize a FortiVoice using a third-party or default certificate in the GUI:

    1. Log in to the FortiVoice.

    2. Download the certificate. For example, in Chrome:

      1. In the left side of the address bar, click the icon to view the site information.

      2. Click Certificate.

      3. In the Certificate window, click the Details tab, then click Copy to File.

      4. The Certificate Export Wizard opens. Click Next.

      5. Set the format to Base-64 encoded X.509 (.CER), then click Next.

      6. Browse to the folder location, enter a file name, then click Next.

      7. Click Finish, then click OK to close the wizard.

    3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

    4. Beside Device authorization, click Edit.

    5. Click Create New and enter the following:

      1. In the Name field, enter the FortiVoice serial number.

      2. Set the Authorization type to Certificate.

      3. Upload the .CER file.

      4. Click OK, then close the Device authorization pane.

    Pre-authorizing using the FortiWeb certificate

    In this example, FortiWeb is configured for pre-authorization using a certificate.

    To authorize a FortiWeb to join the Security Fabric in FortiOS:
    1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    2. Beside Device authorization, click Edit. The Device authorization pane opens.
    3. Add the FortiWeb:
      1. Click Create New and enter a device name.
      2. For Authorization type, select Certificate.
      3. Click Browse to upload the certificate.
      4. For Action, select Accept.
      5. Click OK. The FortiWeb appears in the table.

    Previous
    Next

    Configuring pre-authorization of supported Security Fabric devices

    Configuring pre-authorization of supported Security Fabric devices

    When the serial number or certificate for a supported Security Fabric device is added to the trusted list on the root FortiGate, the device can join the Security Fabric as soon as it connects.

    Pre-authorization is optional. When a supported Security Fabric device connects to the Security Fabric without pre-authorization configured, you can manually authorize the device in FortiOS. See Authorizing supported connectors.

    Note

    Before you can configure pre-authorization with a certificate, you must download the certificate for the device to your management computer.
    To configure pre-authorization in the GUI:

    1. On the root FortiGate, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

    2. In the Device authorization field and click Edit. The Device Authorization pane opens.

    3. Click Create New to add a new device for pre-authorization.

    4. Enter the device name in the Name field.

    5. Select the Authorization type, either Serial Number or Certificate.

    6. If Certificate is selected, click Browse to upload the certificate from the management computer for the supported Security Fabric device.

    7. Set the Action to Accept.

    8. Click OK and add more devices as required.

    9. Click OK.

    To configure pre-authorization in the CLI:

    This example shows how to configure pre-authorization of a FortiVoice with a certificate.

    config system csf
    config trusted-list
        edit "<name>"            
            set action accept
            set authorization-type certificate
            set certificate "-----BEGIN CERTIFICATE-----
...
<encrypted_certificate_data>
...
-----END CERTIFICATE-----"
        next
    end
end

    Pre-authorizing using the FortiMail certificate

    In this example, FortiMail is configured for pre-authorization using a certificate.

    To pre-authorize FortiMail using a third-party or default certificate:
    1. Log in to FortiMail.
    2. Download the certificate. For example, in Chrome:
      1. In the left side of the address bar, click the icon to view the site information.
      2. Click Certificate.
      3. Click the Details tab, then click Copy to File.

      4. The Certificate Export Wizard opens. Click Next to continue.
      5. For the file format, select Base-64 encoded X.509 (.CER), then click Next.

      6. Browse to the folder location and enter a file name, then click Next.
      7. Click Finish, then click OK to close the dialog box.
    3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    4. Beside Device authorization, click Edit > Create New and configure the following:
      1. Enter the FortiMail serial number.
      2. Set the Authorization type to Certificate.
      3. Click Browse to upload the .CER file you saved previously.

      4. Click OK.

    Pre-authorizing using the FortiVoice certificate

    In this example, FortiVoice is configured for pre-authorization using a certificate.

    To pre-authorize a FortiVoice using a third-party or default certificate in the GUI:

    1. Log in to the FortiVoice.

    2. Download the certificate. For example, in Chrome:

      1. In the left side of the address bar, click the icon to view the site information.

      2. Click Certificate.

      3. In the Certificate window, click the Details tab, then click Copy to File.

      4. The Certificate Export Wizard opens. Click Next.

      5. Set the format to Base-64 encoded X.509 (.CER), then click Next.

      6. Browse to the folder location, enter a file name, then click Next.

      7. Click Finish, then click OK to close the wizard.

    3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

    4. Beside Device authorization, click Edit.

    5. Click Create New and enter the following:

      1. In the Name field, enter the FortiVoice serial number.

      2. Set the Authorization type to Certificate.

      3. Upload the .CER file.

      4. Click OK, then close the Device authorization pane.

    Pre-authorizing using the FortiWeb certificate

    In this example, FortiWeb is configured for pre-authorization using a certificate.

    To authorize a FortiWeb to join the Security Fabric in FortiOS:
    1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    2. Beside Device authorization, click Edit. The Device authorization pane opens.
    3. Add the FortiWeb:
      1. Click Create New and enter a device name.
      2. For Authorization type, select Certificate.
      3. Click Browse to upload the certificate.
      4. For Action, select Accept.
      5. Click OK. The FortiWeb appears in the table.

    Previous
    Next