Fabric 7.x OnSight proxy
This article describes how to configure monitoring for Fabric 7.x devices using an OnSight vCollector.
Prerequisites
- A FortiGate firewall running FortiOS 7.0.0 or later.
- An active Security Fabric (the devices to be monitored should be present under the Fabric Root). See the Fortinet Security Fabric Administration Guide.
- Security Fabric connections from the OnSight are inbound to TCP port 8013 on the root FortiGate. Configure your firewall to allow inbound traffic to TCP 8013 from the IP address of the OnSight only; do not open the port to any wider source range than that.
- An admin profile, for example fabric_admin_ro, that has the following settings:
- Within Fabric Connectors > Security Fabric Setup, Downstream REST API Access must be enabled, and the Admin profile set to the profile you created with the above permissions, for example fabric_admin_ro.
Note: Downstream REST API access must be enabled on ALL FortiGates that you want to monitor, not only on the root FortiGate.
- Take note of the root FortiGate's serial number, shown in the Status dashboard (Dashboard > Status). You will enter it during the FortiMonitor configuration.
Important note: At this time, once a Fabric environment has been integrated with your FortiMonitor, it may not subsequently be integrated into another FortiMonitor account.
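The two prerequisites that most often go wrong are Downstream REST API access being enabled on the root but not on every downstream FortiGate, and the Fabric port not matching what is later entered in FortiMonitor. The following Python script is an added example written for this article; it is not FortiMonitor or Fortinet code. It parses the text of get system csf, collected from each FortiGate you intend to monitor, flags any device that does not meet the prerequisites, and prints the CLI to fix it. The sample outputs are constructed and abridged, the device labels FGT-ROOT and FGT-DOWNSTREAM are placeholders, and the option names status, downstream-access, downstream-accprofile and upstream-port are assumed to match the config system csf options in FortiOS 7.0; verify them against your own get system csf output.

```python
"""Pre-flight check of the Security Fabric prerequisites for FortiMonitor.

Added example for this article; not FortiMonitor or Fortinet code.
Collect the output of `get system csf` from every FortiGate you intend to
monitor and put it into SAMPLE_OUTPUTS (the entries below are constructed).
"""
import re
from dataclasses import dataclass

DEFAULT_FABRIC_PORT = 8013  # default Fabric API port named in the article
READ_ONLY_PROFILE = "fabric_admin_ro"  # example profile name from the article


@dataclass
class CsfStatus:
    device: str
    fabric_enabled: bool
    downstream_access: bool
    profile: str
    port: int


def parse_get_system_csf(text: str) -> dict:
    """Parse the `key : value` lines printed by `get system csf` into a dict.

    Quoted values such as "fabric_admin_ro" are returned without the quotes.
    """
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\w-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings


def check_csf(device: str, text: str) -> CsfStatus:
    """Extract the prerequisite-relevant settings for one FortiGate.

    Option names are assumed to match FortiOS 7.0 `config system csf`.
    The Fabric port is read from `upstream-port` (an assumption about which
    field reports it), falling back to the article's default of 8013.
    """
    s = parse_get_system_csf(text)
    port = s.get("upstream-port") or str(DEFAULT_FABRIC_PORT)
    return CsfStatus(
        device=device,
        fabric_enabled=s.get("status") == "enable",
        downstream_access=s.get("downstream-access") == "enable",
        profile=s.get("downstream-accprofile", ""),
        port=int(port),
    )


def remediation_cli(profile: str = READ_ONLY_PROFILE) -> str:
    """CLI that enables Downstream REST API access with the given admin profile
    (assumed option names, see module docstring)."""
    return "\n".join([
        "config system csf",
        "    set downstream-access enable",
        f'    set downstream-accprofile "{profile}"',
        "end",
    ])


def audit(outputs: dict) -> list:
    """Return (device, problem) pairs for every FortiGate failing a prerequisite."""
    problems = []
    for device, text in outputs.items():
        st = check_csf(device, text)
        if not st.fabric_enabled:
            problems.append((device, "Security Fabric is not enabled"))
        if not st.downstream_access:
            problems.append((device, "Downstream REST API access is disabled"))
        elif not st.profile:
            problems.append((device, "no admin profile set for downstream REST API access"))
    return problems


# Constructed sample output (abridged); real output lists more fields.
ROOT_CSF = """\
status              : enable
upstream            :
upstream-port       : 8013
group-name          : "fabric-lab"
accept-auth-by-cert : enable
downstream-access   : enable
downstream-accprofile: "fabric_admin_ro"
"""

DOWNSTREAM_CSF = """\
status              : enable
upstream            : 10.0.0.1
upstream-port       : 8013
group-name          : "fabric-lab"
downstream-access   : disable
downstream-accprofile:
"""

SAMPLE_OUTPUTS = {"FGT-ROOT": ROOT_CSF, "FGT-DOWNSTREAM": DOWNSTREAM_CSF}

if __name__ == "__main__":
    root = check_csf("FGT-ROOT", ROOT_CSF)
    print(f"Fabric API port to enter in FortiMonitor: {root.port}")
    for device, problem in audit(SAMPLE_OUTPUTS):
        print(f"{device}: {problem}")
        print(remediation_cli())
```

Run it before starting the FortiMonitor wizard; with the constructed samples it reports that FGT-DOWNSTREAM has Downstream REST API access disabled and prints the config system csf block to apply there. The profile named in the remediation should be the read-only profile from the prerequisites, not a super_admin profile, so that the monitoring path carries no write access to the FortiGates.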
FortiMonitor Configuration
- Log in to FortiMonitor (https://fortimonitor.forticloud.com/).
- From the navigation menu, click Add. The Infrastructure and Resource Catalog is displayed.
- Select Fabric from the Infrastructure section of the catalog.
- Select Fabric Tunnel - OnSight.
- From here, follow the on-screen prompts:
a. Discovery type - Select New.
b. FortiOS Version - Select 7.0 and above.
c. OnSight (Optional) - Select an OnSight. This OnSight will be used to monitor the FortiGates and associated devices. See OnSight vCollector for more information.
d. Root Management IP - Enter the IP address at which your root FortiGate can be reached from the selected OnSight.
e. Fabric API Port - Enter the target port for the Fabric connection. The default is 8013. To confirm that you have the correct port, run the following command on the root FortiGate:
get system csf
f. Serial Number - Enter the serial number of the root FortiGate that you noted under Prerequisites.
- At this point, the FortiMonitor certificate must be authorized within FortiOS.
- Click Go to Fabric portal to authorize the certificate.
- For FortiOS versions earlier than 7.2.4, authorize FortiMonitor from the Security Fabric view; in the FortiGate GUI it appears as FORTIMONITOR under the Fabric Root.
- For FortiOS 7.2.4 and later, authorize FortiMonitor as follows:
  - Go to Dashboard > Status and locate the Security Fabric widget.
  - In the topology tree, click the highlighted FortiMonitor entry and select Authorize.
You also have the option to pre-authorize FortiMonitor. For more information on pre-authorization, see Configuring the root FortiGate and downstream FortiGates.
Note: If you selected an OnSight to monitor the FortiGates, the OnSight name is displayed in the topology instead of FORTIMONITOR.
- Click Continue to Discover & Select.
- You can now begin the process of device selection and import.
- Once device selection is complete, you will be required to enter an API key for each of the selected FortiGates. Generate each key for a dedicated REST API administrator on that FortiGate rather than reusing an interactive admin account, and, where possible, restrict that administrator's trusted hosts to the IP address of the OnSight.
- Next, configure the Instance Group, which is the logical organization of the monitored instances within FortiMonitor.
- A summary of the configuration is displayed before the changes are committed.
- After you click Finish to add the devices, you have the option to be alerted upon completion.
Note: Depending on the number of devices in your Fabric environment, this process may take a few minutes. A banner is displayed once the process is complete.
- Once the process completes, the individual devices can be found on their respective instance pages.
- You can manage the Fabric integration by going to Settings > Fabric Settings.