FortiGate 7000E and the Security Fabric
The FortiGate 7000E supports the Fortinet Security Fabric and all Security Fabric related features. You can set up the FortiGate 7000E to serve as the Security Fabric root and you can configure the FortiGate 7000E to join an existing Security Fabric. For more information see Fortinet Security Fabric.
The FortiGate 7000E uses the Fortinet Security Fabric for communication and synchronization between the primary FIM and the FPMs and for normal GUI operation. By default, the Security Fabric is enabled and must remain enabled for normal operation.
When adding a FortiGate 7000E to an existing Security Fabric, for normal operation you must authorize the FortiGate 7000E and all of the FIMs and FPMs on the root FortiGate. Otherwise, the primary FIM will not be able to communicate with the other FIM and the FPMs.
You must also manually add a FortiAnalyzer to the FortiGate 7000E configuration, because the default FortiGate 7000E Security Fabric configuration has configuration-sync set to local, so the FortiGate 7000E doesn't get Security Fabric configuration settings, such as the FortiAnalyzer configuration, from the root FortiGate.
If the FortiGate 7000E is not joining a Security Fabric, Fortinet recommends that you do not change the Security Fabric configuration. You can verify the default Security Fabric configuration from the CLI:
config system csf
    set status enable
    set upstream ''
    set source-ip 0.0.0.0
    set upstream-interface-select-method auto
    set upstream-port 8013
    set group-name "SLBC"
    set group-password <password>
    set accept-auth-by-cert enable
    set log-unification disable
    set authorization-request-type serial
    set fabric-workers 2
    set downstream-access disable
    set configuration-sync local
    set fabric-object-unification default
    set forticloud-account-enforcement enable
    set file-mgmt enable
    set file-quota 268435456
    set file-quota-warning 90
end
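One way to automate that verification is the added example below (not Fortinet code): it parses saved CLI output and reports every setting that differs from the defaults listed above, marking a disabled Security Fabric as critical. The function names and severity labels are hypothetical, and it assumes the saved output is a full listing like the one on this page.

```python
import shlex

# Defaults copied from the page's listing. group-password is left out on
# purpose: it is a secret and is never compared.
DOCUMENTED_DEFAULTS = {
    "status": "enable", "upstream": "", "source-ip": "0.0.0.0",
    "upstream-interface-select-method": "auto", "upstream-port": "8013",
    "group-name": "SLBC", "accept-auth-by-cert": "enable",
    "log-unification": "disable", "authorization-request-type": "serial",
    "fabric-workers": "2", "downstream-access": "disable",
    "configuration-sync": "local", "fabric-object-unification": "default",
    "forticloud-account-enforcement": "enable", "file-mgmt": "enable",
    "file-quota": "268435456", "file-quota-warning": "90",
}
CRITICAL = {"status"}  # the page: the Security Fabric must remain enabled

def parse_csf(text):
    """Return {setting: value} for the top level of 'config system csf'."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote: fall back to plain split
            tok = raw.split()
        if depth == 0:
            if tok[:3] == ["config", "system", "csf"]:
                depth = 1
        elif tok[:1] == ["config"]:  # nested sub-table inside the block
            depth += 1
        elif tok[:1] == ["end"]:
            depth -= 1
            if depth == 0:
                return settings
        elif depth == 1 and len(tok) >= 2 and tok[0] == "set":
            settings[tok[1]] = " ".join(tok[2:])
    raise ValueError("no complete 'config system csf' block in input")

def drift(text):
    """List (severity, setting, expected, actual) for each deviation."""
    actual = parse_csf(text)
    findings = []
    for key, expected in DOCUMENTED_DEFAULTS.items():
        got = actual.get(key)       # None when the listing omits the setting
        if got != expected:
            sev = ("absent" if got is None
                   else "critical" if key in CRITICAL else "review")
            findings.append((sev, key, expected, got))
    return findings
```

An empty result from drift() means the saved output matches the defaults listed above; any "absent" entry means the listing did not show that setting and it should be checked by hand.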