Fabric of FortiManager
This information is also available in the Fabric of FortiManager Deployment Guide.
Fabric of FortiManager is a scalable fabric architecture with supervisor and member roles, designed to increase performance in growing customer environments.
In daily use of Fabric of FortiManager, all operations are performed on the supervisor, such as creating ADOMs, policy objects, and pushing configurations to FortiGates. The supervisor forwards all commands to the corresponding FortiManager members. For users, all operations are seamless and feel the same as using a single FortiManager.
Forming the Fabric of FortiManager
To configure the Fabric of FortiManager, you must configure a supervisor, one or more members, and enable FortiManager Fabric communication on the interfaces being used.
To form a Fabric of FortiManager:
- Go to System Settings > Network, edit the interfaces used for the Fabric, and enable FortiManager Fabric under Administrative Access.
- Configure the supervisor.
  - Log in to the FortiManager that will act as the supervisor.
  - Go to System Settings > Fabric Management, and configure the Fabric settings.
      Status: ON
      Role: Supervisor
      Fabric Name: Enter a Fabric name.
  - Click Apply to save the settings. You must reboot the FortiManager.
- Configure a member.
  - Log in to the FortiManager that will act as a member.
  - Go to System Settings > Fabric Management, and configure the Fabric settings.
      Status: ON
      Role: Member
      Fabric Name: Enter a Fabric name.
      Upstream IP: Enter the supervisor's IP.
      Session Port: The port should match the one configured on the supervisor. The default port is 8013.
  - Click Apply to save the settings. You must reboot the FortiManager.
- Authorize the member device to the Fabric of FortiManager:
  - On the member, go to System Settings > Fabric Management, and click Confirm to confirm the supervisor's serial number.
  - On the supervisor, go to System Settings > Fabric Management, and click Authorize on the card that is displayed for the member device.
- Repeat these steps for additional member devices added to the Fabric of FortiManager.
Managing devices
To add FortiGate devices to a member:
- On the supervisor, add a FortiGate to the member.
  - In the Device Manager, add a new online device and enter the following information:
      IP Address: Enter the FortiGate IP address.
      Use Legacy Device Login: Enabled
      User Name: Enter the FortiGate admin user name.
      Password: Enter the FortiGate admin password.
      Fabric Member: Select a FortiManager member from the dropdown list.
  - Click Next.
To view device assignments to members:
- Go to Device Manager > Device & Groups.
- Select Device Managed by FMG Fabric Members from the Show Charts dropdown.
- The Fabric Member column in the device table can display the Fabric Member to which the FortiGate is assigned.
To move FortiGate units between members:
- Go to Device Manager > Device & Groups.
- Right-click on a device and click Move to FMG Member. The Move to FMG Member dialog appears.
- Select a target FortiManager member, and click OK. The device is moved to a new member.
Example
For example, users should not modify the policy on each FortiManager member individually. Instead, users should log in to the supervisor FortiManager and make the changes there.
In this example, the FortiGate devices VLAN171_0071 and VLAN171_0072 are managed by two FortiManager members: FMG-VM********96 and FMG-VM********53, respectively.
Navigate to Policy & Objects > Policy Packages, select the policy package named 'default', and then click Edit Installation Targets. Choose the devices VLAN171_0071 and VLAN171_0072, as you would in a standalone FortiManager setup.
Execute the policy package installation in the same way as you would with a standalone FortiManager.
From the example above, you can see that although the FortiGate devices are managed by different FortiManager members, all user actions are triggered through the FortiManager supervisor. The supervisor handles the requests in the background and redirects them to the appropriate FortiManager members. This process is transparent to the user, who can operate as if using a standalone FortiManager.