
User Guide

Fabric 7.x OnSight proxy

24.2.0

This article provides the steps on how to configure monitoring for Fabric 7.x devices using an OnSight vCollector.

Prerequisites

  • Security Fabric connections are inbound to TCP port 8013 from the IP address of the OnSight. Configure your firewall to allow inbound traffic to TCP 8013.

  • Create an admin profile, for example, fabric_admin_ro, that has the following settings:

  • Within Fabric Connectors > Security Fabric Setup, Downstream REST API Access must be enabled, and the Admin profile set to the profile you created with the above permissions, for example: fabric_admin_ro.
    Note: Downstream REST API Access must be enabled on ALL FortiGates that you want to monitor.

  • Take note of the root FortiGate's Serial Number in the Status Dashboard.

Important note: At this time, once a Fabric environment has been integrated with your FortiMonitor, it may not subsequently be integrated into another FortiMonitor account.
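
The firewall prerequisite above can be checked from the OnSight host before starting the wizard. The following is an added example, not part of the Fortinet documentation: it classifies TCP reachability of the Fabric port so that a firewall drop can be told apart from a wrong port. The function names and the 192.0.2.10 address are constructed for illustration.

```python
import socket

FABRIC_PORT = 8013  # default Fabric API port named on this page

# Operator hints per outcome (wording is this example's, not Fortinet's).
HINTS = {
    "open": "TCP path is clear; continue with the FortiMonitor wizard",
    "refused": "host answers but nothing listens here; confirm the port "
               "with 'get system csf' on the root FortiGate",
    "filtered": "no reply; check that the firewall allows inbound TCP "
                "to this port from the OnSight IP",
    "unreachable": "no route or name lookup failed; check the Root "
                   "Management IP as seen from the OnSight",
}


def probe_fabric_port(host, port=FABRIC_PORT, timeout=3.0):
    """Classify TCP reachability of the Fabric port from this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST received: path open, port closed
    except socket.timeout:
        return "filtered"          # silence: typical of a firewall drop
    except OSError:
        return "unreachable"       # routing error, DNS failure, etc.


def preflight(targets, timeout=3.0):
    """Probe each (host, port) pair; return (host, port, state, hint) rows."""
    rows = []
    for host, port in targets:
        state = probe_fabric_port(host, port, timeout)
        rows.append((host, port, state, HINTS[state]))
    return rows


if __name__ == "__main__":
    # Constructed sample target (TEST-NET-1); replace with the root
    # FortiGate's management IP as reachable from the OnSight.
    for host, port, state, hint in preflight([("192.0.2.10", FABRIC_PORT)]):
        print(f"{host}:{port} -> {state}: {hint}")
```

Run it on the OnSight itself, since the rule being tested is scoped to that source IP; a result from any other host says nothing about the rule.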

FortiMonitor Configuration

  1. Log in to FortiMonitor (https://fortimonitor.forticloud.com/).

  2. From the navigation menu, click Add. The Infrastructure and Resource Catalog is displayed.

  3. Select Fabric from the Infrastructure section of the catalog.

  4. Select Fabric Tunnel - OnSight.

  5. From here, follow the on-screen prompts.

    a. Discovery type - Select New.

    b. FortiOS Version - Select 7.0 and above.

    c. OnSight (Optional) - Select an OnSight. This OnSight will be used to monitor the FortiGates and associated devices. See OnSight vCollector for more information.

    d. Root Management IP - Enter the IP address where your root FortiGate can be reached from the selected OnSight.

    e. Fabric API Port - Enter the target port for the Fabric connection. The default is 8013. To ensure that you have the correct port, run get system csf on the root FortiGate.

    f. Serial Number - Enter the serial number for the FortiGate Security appliance.

  6. At this point, the FortiMonitor Certificate will require Authorization within FortiOS.

  7. Click Go to Fabric portal to authorize the certificate.

    1. For FortiOS lower than 7.2.4, perform this step to authorize FortiMonitor. The following screenshot, taken from the FortiGate GUI, shows FORTIMONITOR under the Fabric Root.

    2. For FortiOS 7.2.4 and above, perform the following steps to authorize FortiMonitor.

      1. Go to Dashboard > Status and locate the Security Fabric widget.

      2. In the topology tree, click the highlighted FortiMonitor and select Authorize.

        You also have the option to pre-authorize FortiMonitor. For more information on pre-authorization, see Configuring the root FortiGate and downstream FortiGates.

  8. Click Go to Fabric portal to authorize the certificate. Note that if you selected an OnSight to monitor the FortiGates, the OnSight name will be displayed instead of FORTIMONITOR.

  9. Click Continue to Discover & Select.

  10. You can now begin the process of device selection and import.

  11. Once device selection is complete, you will be required to enter an API key for each of the selected FortiGates.

  12. Next, configure the Instance Group, which is the logical organization of the monitored instances within FortiMonitor.

  13. A summary view of the configuration will be displayed before committing the changes.

  14. After selecting Finish to add the devices, you have the option to be alerted upon completion.
    Note: Depending on the number of devices in your Fabric environment, this process may take a few minutes. A banner will be displayed once the process is complete.

  15. Once the process completes, the individual devices may be located on their respective instance pages.

  16. You can manage the Fabric integration by going to Settings > Fabric Settings.
