FortiAI
FortiAI can be added to the Security Fabric so it appears in the topology views and the dashboard widgets.
To add FortiAI to the Security Fabric in the GUI:
- Enable the Security Fabric and configure the interface to allow other Security Fabric devices to join (see Configuring the root FortiGate and downstream FortiGates).
- Install the FortiAI appliance and activate the product with a valid license (see Registering products in the Asset Management Guide). A license file is provided after the product is registered.
- In FortiAI, go to System > FortiGuard and verify that the pre-trained models (engines) are up to date. Refer to the FortiGuard website for the latest FortiAI ANN versions.
- Configure and authorize the FortiGate in the FortiAI GUI to join the Security Fabric:
- Go to Security Fabric > Fabric Connectors and double-click the connector card.
- Click the toggle to Enable Security Fabric.
- Enter the FortiGate Root IP address and the FortiAI IP address.
- Click OK. The FortiAI is now authorized.
- Authorize the FortiAI in FortiOS:
- Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
- In the topology tree, click the highlighted FortiAI serial number and select Authorize.
- Click Accept to verify the device certificate.
The Security Fabric widget on the dashboard also updates when the FortiAI is authorized.
- Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology to view more information.
To add FortiAI to the Security Fabric in the CLI:
- Configure the interface to allow other Security Fabric devices to join:
config system interface edit "port1" ... set allowaccess ping https ssh http fgfm fabric ... next end
- Enable the Security Fabric:
config system csf set status enable set group-name "fabric-ai" end
- In FortiAI, configure the device to join the Security Fabric:
config system csf set status enable set upstream-ip 10.6.30.14 set managment-ip 10.6.30.251 end
- Authorize the FortiAI in FortiOS:
config system csf set status enable set group-name "fabric-ai" config trusted-list edit "FAIVMSTM21000000" set authorization-type certificate set certificate "*******************" next end end