
Creating a fabric connector


A fabric connector connects FortiPolicy to the root FortiGate device and everything connected to the root FortiGate device.

To create a fabric connector:
  1. In the root FortiGate device, go to Dashboard > Status and copy the FortiGate serial number from the System Information widget.

  2. In FortiPolicy, configure the Security Fabric.

    1. Go to Configuration > Security Fabric.

    2. In the Root FortiGate Serial Number field, enter the serial number for the root FortiGate device.
    3. In the IP Address field, enter the IP address of the root FortiGate device.
    4. By default, the Port field is set to 8013.
    5. In the Assign FortiPolicy ACL Policy dropdown list, select Default ACL Policy.

    6. Click SAVE.
  3. Configure the settings in each FortiGate device (root FortiGate and child FortiGate devices) in the Security Fabric.

    1. Go to Security Fabric > Fabric Connectors, right-click Security Fabric Setup, and select Edit.

    2. Enable Allow downstream device REST API Access.

    3. From the Administrator profile dropdown list, select super_admin.

    4. Click OK.

  4. In the root FortiGate device, configure the management port.

    1. Go to Network > Interfaces, select the Mgmt port, and click Edit.

    2. Select the Security Fabric Connection checkbox and then click OK.

  5. Go to Security Fabric > Fabric Connectors, click the highlighted FortiPolicy serial number, and select Authorize.

  6. In the Verify Pending Device Certificate pane, click Accept.

  7. In FortiOS, click the CLI Console button at the top of the window, and then enter the following commands on each FortiGate device that is part of the Security Fabric (root FortiGate and child FortiGate devices):

    config system csf
        config fabric-connector
            edit <FortiPolicy_serial_number>
                set configuration-write-access enable
                set accprofile super_admin
            next
        end
    end

    To find the FortiPolicy serial number, go to Security Fabric > Fabric Connectors and hover over the FortiPolicy device that you authorized, as shown in the following figure.

  8. FortiPolicy now displays the status of the connector as Connected (Authorized).

  9. In FortiOS, the status of the fabric connector is Connected.
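Step 7 gives the FortiPolicy connector configuration write access with the super_admin profile on every FortiGate, so it is worth confirming afterwards that only the serial number you authorized holds those settings. The following Python script is an added example, not Fortinet code: it assumes the FortiOS configuration has been saved as text in CLI syntax, and the function names and placeholder serial numbers are made up for illustration.

```python
# Added example: audit a saved FortiOS configuration for the step 7 settings.
# SAMPLE_CONFIG is constructed; both serial numbers are placeholders.
SAMPLE_CONFIG = """
config system csf
    config fabric-connector
        edit "FPL-PLACEHOLDER-0001"
            set configuration-write-access enable
            set accprofile "super_admin"
        next
        edit "FPL-PLACEHOLDER-0002"
            set accprofile "super_admin"
        next
    end
end
"""

def fabric_connectors(config_text):
    """Return {serial: {setting: value}} from config system csf > config fabric-connector."""
    path, entries, current = [], {}, None
    for raw in config_text.splitlines():
        tokens = [t.strip('"') for t in raw.split()]
        if not tokens:
            continue
        word, args = tokens[0], tokens[1:]
        if word == "config":
            path.append(" ".join(args))      # entering a nested config block
        elif word == "end":
            path = path[:-1]                 # leaving the innermost block
        elif path == ["system csf", "fabric-connector"]:
            if word == "edit" and args:
                current = entries.setdefault(args[0], {})
            elif word == "next":
                current = None
            elif word == "set" and args and current is not None:
                current[args[0]] = " ".join(args[1:])
    return entries

def audit(config_text, expected_serial):
    """Return findings: step 7 settings missing on the expected entry, or other privileged entries."""
    want = {"configuration-write-access": "enable", "accprofile": "super_admin"}
    entries, findings = fabric_connectors(config_text), []
    if expected_serial not in entries:
        findings.append(f"{expected_serial}: no fabric-connector entry")
    for serial, settings in entries.items():
        if serial == expected_serial:
            findings += [f"{serial}: {k} is not {v}" for k, v in want.items() if settings.get(k) != v]
        elif any(settings.get(k) == v for k, v in want.items()):
            findings.append(f"{serial}: unexpected connector with privileged settings")
    return findings
```

Call `audit()` with the configuration text from each FortiGate in the Security Fabric and the FortiPolicy serial number you authorized; an empty list means the step 7 settings are present and no other connector entry carries them.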
