Fortinet black logo

User Guide

Home FortiMonitor 24.2.0 User Guide

Fabric 6.x Integration

24.2.0
24.2.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:16509
Download PDF

Fabric group

This article provides the steps on how to configure monitoring for Fabric 6.x devices using an OnSight vCollector.

Prerequisites

  • Web administration is enabled on all FortiGates

  • Active Security Fabric (Devices should be present under Fabric Root). See Fortinet Security Fabric Administration Guide.

  • OnSight is able to access the admin port of all FortiGates (port 443)

  • The serial of the root FortiGate. To get the serial number, open the console on the root FortiGate then run get system status | grep Serial.

  • API key and API user for all FortiGates that you want to monitor. Note that any attached devices (switches, APs, extenders) cannot be monitored without an API key from the FortiGate.

Create an API Key and API User

An API key and an API user must be created on each FortiGate.

  1. Log in to the FortiGate GUI. See Using the GUI for more information.

  2. Go to System > Administrators.

  3. Click Create New > REST API Admin.

  4. Enter the following information:

    1. Username - Enter FortiMonitor.

    2. Administrator Profile - Select super_admin_readonly.

  5. Click OK. Take note of the generated API key. This will be needed to onboard the FortiGate and its devices to FortiMonitor.

FortiMonitor Configuration

After creating an API key and API user on each FortiGate, you can now connect FortiMonitor to your Fabric environment.

  1. Log in to FortiMonitor (https://fortimonitor.forticloud.com/).

  2. From the navigation menu, click Add. The Infrastructure and Resource Catalog is displayed.

  3. Select Fabric from the Infrastructure section of the catalog.

  4. Select Fabric Group.

    • From here, follow the on-screen prompts.

    • Discovery type - Select New.

    • FortiOS Version - Select 6.x and below.

    • OnSight - Select an OnSight. This OnSight will be used to monitor the FortiGates and associated devices. See OnSight vCollector for more information.

    • Root Management IP - Enter the IP address where your root FortiGate can be reached from the selected OnSight.

    • Root Management Port - Enter the management port of the root FortiGate.
      Note: Make sure to click Specify on both the Management IP and Management Port fields on the root FortiGate.

    • Serial Number - Enter the serial number for the FortiGate Security appliance. To get the serial number, open the console on the root FortiGate then run:
      get system status | grep Serial.

    • API Key - Enter the API key for the REST interface of the root FortiGate

  6. Click Continue to Discover & Select.

  7. You can now begin the process of device selection and import.

  8. Once device selection is complete, you will be required to enter an API key for each of the selected FortiGates.

  9. Next, configure the Instance Group, which is the logical organization of the monitored instances within FortiMonitor.

  10. A summary view of the configuration will be displayed before committing the changes.

  11. After selecting Finish to add the devices, you have the option to be alerted upon completion.
    Note: Depending on the number of devices in your Fabric environment, this process may take a few minutes. A banner will be displayed once the process is complete.

  12. Once the process completes, the individual devices may be located on their respective instance pages.

  13. You can manage the Fabric integration by going to Settings > Fabric Settings.

Previous
Next

Fabric group

This article provides the steps on how to configure monitoring for Fabric 6.x devices using an OnSight vCollector.

Prerequisites

  • Web administration is enabled on all FortiGates

  • Active Security Fabric (Devices should be present under Fabric Root). See Fortinet Security Fabric Administration Guide.

  • OnSight is able to access the admin port of all FortiGates (port 443)

  • The serial of the root FortiGate. To get the serial number, open the console on the root FortiGate then run get system status | grep Serial.

  • API key and API user for all FortiGates that you want to monitor. Note that any attached devices (switches, APs, extenders) cannot be monitored without an API key from the FortiGate.

Create an API Key and API User

An API key and an API user must be created on each FortiGate.

  1. Log in to the FortiGate GUI. See Using the GUI for more information.

  2. Go to System > Administrators.

  3. Click Create New > REST API Admin.

  4. Enter the following information:

    1. Username - Enter FortiMonitor.

    2. Administrator Profile - Select super_admin_readonly.

  5. Click OK. Take note of the generated API key. This will be needed to onboard the FortiGate and its devices to FortiMonitor.

FortiMonitor Configuration

After creating an API key and API user on each FortiGate, you can now connect FortiMonitor to your Fabric environment.

  1. Log in to FortiMonitor (https://fortimonitor.forticloud.com/).

  2. From the navigation menu, click Add. The Infrastructure and Resource Catalog is displayed.

  3. Select Fabric from the Infrastructure section of the catalog.

  4. Select Fabric Group.

    • From here, follow the on-screen prompts.

    • Discovery type - Select New.

    • FortiOS Version - Select 6.x and below.

    • OnSight - Select an OnSight. This OnSight will be used to monitor the FortiGates and associated devices. See OnSight vCollector for more information.

    • Root Management IP - Enter the IP address where your root FortiGate can be reached from the selected OnSight.

    • Root Management Port - Enter the management port of the root FortiGate.
      Note: Make sure to click Specify on both the Management IP and Management Port fields on the root FortiGate.

    • Serial Number - Enter the serial number for the FortiGate Security appliance. To get the serial number, open the console on the root FortiGate then run:
      get system status | grep Serial.

    • API Key - Enter the API key for the REST interface of the root FortiGate

  6. Click Continue to Discover & Select.

  7. You can now begin the process of device selection and import.

  8. Once device selection is complete, you will be required to enter an API key for each of the selected FortiGates.

  9. Next, configure the Instance Group, which is the logical organization of the monitored instances within FortiMonitor.

  10. A summary view of the configuration will be displayed before committing the changes.

  11. After selecting Finish to add the devices, you have the option to be alerted upon completion.
    Note: Depending on the number of devices in your Fabric environment, this process may take a few minutes. A banner will be displayed once the process is complete.

  12. Once the process completes, the individual devices may be located on their respective instance pages.

  13. You can manage the Fabric integration by going to Settings > Fabric Settings.

Previous
Next