
User Guide

24.4.0

Fabric Tunnel connected to FortiMonitor cloud (FortiOS 7.0 and newer)

This article provides the steps on how to configure a Fortinet Security Fabric environment for monitoring with FortiMonitor. See Security Fabric for an overview of the solution.

Note: For FortiOS 6.x deployments, see Fabric 6.x integration.

Prerequisites

  • Administrative access to interfaces within FortiGate. See Interface settings.

  • For the public-facing (WAN) interface(s), enable Security Fabric Connection. This enables FortiTelemetry and CAPWAP.

Note:

Security Fabric connections are inbound to TCP port 8013 from these two IP addresses:

  • 104.197.35.194/32

  • 35.185.29.9/32

Configure your firewall to allow inbound traffic to TCP 8013. If you want to limit access to just these two IPs, configure your FortiGate. Note that these IP addresses are subject to change and you will be notified prior to any such change.

  • Create an admin profile, for example, fabric_admin_ro, that has the following settings:

  • Within Fabric Connectors > Security Fabric Setup, Downstream REST API Access must be enabled, and the Admin profile set to the profile you created with the above permissions, for example: fabric_admin_ro.

  • Take note of the device Serial Number in the Status Dashboard.

Important note: At this time, once a Fabric environment has been integrated with your FortiMonitor, it may not subsequently be integrated into another FortiMonitor account.
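The prerequisites above are given as GUI steps; the following is an added FortiOS 7.x CLI equivalent that is not from this Fortinet page. It shows the permissive baseline (TCP 8013 reachable from anywhere once Security Fabric Connection is enabled) and the restricted form that accepts the port only from the two published FortiMonitor source addresses. The interface name "wan1" and all object and policy names are assumptions; the two /32 addresses, TCP 8013 and the profile name fabric_admin_ro come from the page. The admin profile's own permissions are defined in the prerequisites, not here.

```fortios
# Added example (not from the Fortinet page). Assumed interface: "wan1".

# 1. Enable Security Fabric Connection (FortiTelemetry and CAPWAP) on the WAN interface.
#    On its own this exposes TCP 8013 to any source that can reach the interface.
config system interface
    edit "wan1"
        set allowaccess ping https ssh fabric
    next
end

# 2. Address objects for the two FortiMonitor source IPs, grouped so a future
#    address change only touches these objects.
config firewall address
    edit "FortiMonitor-src-1"
        set subnet 104.197.35.194/32
    next
    edit "FortiMonitor-src-2"
        set subnet 35.185.29.9/32
    next
end
config firewall addrgrp
    edit "FortiMonitor-sources"
        set member "FortiMonitor-src-1" "FortiMonitor-src-2"
    next
end

# 3. Custom service for the Fabric port.
config firewall service custom
    edit "Fabric-TCP-8013"
        set tcp-portrange 8013
    next
end

# 4. Local-in policies, evaluated top-down with first match winning:
#    accept TCP 8013 from the two FortiMonitor sources, then deny TCP 8013
#    from everything else. Only this port is affected; other allowaccess
#    services on wan1 keep their existing behaviour.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "FortiMonitor-sources"
        set dstaddr "all"
        set service "Fabric-TCP-8013"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "Fabric-TCP-8013"
        set schedule "always"
        set action deny
    next
end

# 5. On the root FortiGate: allow downstream REST API access, bound to the
#    read-only admin profile named in the prerequisites.
config system csf
    set downstream-access enable
    set downstream-accprofile "fabric_admin_ro"
end
```

The deny policy (edit 2) is what turns the allowlist into an actual restriction; without it the accept policy only documents intent, because local-in traffic permitted by allowaccess is otherwise allowed. Keep the accprofile bound in step 5 limited to read permissions, so the FortiMonitor-facing API path cannot be used to change FortiGate configuration.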

FortiMonitor configuration

After completing the prerequisites, you can now connect FortiMonitor to your Fabric environment.

Note: Before connecting FortiMonitor to your Fabric environment, ensure that you have a fully functioning and active Security Fabric environment. Please see Prerequisites.

  1. Log in to FortiMonitor (https://fortimonitor.forticloud.com/).

  2. From the navigation menu, click Add. The Infrastructure and Resource Catalog is displayed.

  3. Select Fabric from the Infrastructure section of the catalog.

  4. Select Fabric Tunnel.

  5. From here, follow the on-screen prompts.

    1. Discovery type - Select either New or Existing.

    2. FortiOS Version - Select the FortiOS version of the Fabric device.

    3. OnSight (Optional) - Select an OnSight. This OnSight will be used to monitor the FortiGates and associated devices. See Fabric 7.x OnSight proxy for more information.

    4. Root Device IP/FQDN - Public IP address where your root FortiGate can be reached from the FortiMonitor Public Cloud.

    5. Fabric API Port - Enter the target port for the Fortinet Security Fabric Connection.

    6. Serial Number - Enter the serial number for the FortiGate Security appliance. See Prerequisites.

  6. At this point, the FortiMonitor certificate will require Authorization within FortiOS.

  7. Click Go to Fabric portal to authorize the certificate.

    1. For FortiOS lower than 7.2.4, perform this step to authorize FortiMonitor. The following screenshot, taken from the FortiGate GUI, shows FORTIMONITORUS01 under the Fabric Root.

    2. For FortiOS 7.2.4 and above, perform the following steps to authorize FortiMonitor.

      1. Go to Dashboard > Status and locate the Security Fabric widget.

      2. In the topology tree, click the highlighted FortiMonitor and select Authorize.

        You also have the option to pre-authorize FortiMonitor. For more information on pre-authorization, see Configuring the root FortiGate and downstream FortiGates.

  8. Once authorized, you can then begin the process of device selection and import.

  9. Once device selection is complete, you may now assign tags, monitoring templates, and alert timelines.

  10. Next, configure the Instance Group, which is the logical organization of the monitored instances within FortiMonitor.

  11. A summary view of the configuration will be displayed before committing the changes.

  12. After selecting Finish to add the devices, you have the option to be alerted upon completion.
    Note: Depending on the number of devices in your Fabric environment, this process may take a few minutes. A banner will be displayed once the process is complete.

  13. Once the process completes, the individual devices may be located on their respective instance pages.

  14. You can manage the Fabric integration by going to Settings > Fabric Settings.

Manage Fabric connections

Fabric connections can be managed by clicking Monitoring > Infra Settings > Fabric.

The Fabric Connections management page is displayed.

From this page, you can perform the following actions on each Fabric connection by clicking the 3-dot menu:

  • Edit the configuration of the Fabric connection

  • Rename the Fabric connection

  • Modify the discovery frequency

  • Delete the Fabric connection

  • Re-discover the Fabric connection
