In this recipe, you will add a FortiManager to a network that is already configured as a Security Fabric. This will simplify network administration because you can manage all of the FortiGates in the fabric from the FortiManager.
This recipe is part of the Security Fabric collection. It can also be used as a standalone recipe.
In this example, the FortiManager is added to an existing Security Fabric, with an HA Cluster called External configured as the root FortiGate. In this Fabric, the subnet 192.168.55.0 is used for external devices such as FortiAnalyzer. The FortiManager will be added to this subnet.
OSPF routing and a security policy have already been configured to allow devices in the fabric to access the 192.168.55.0 subnet. For more information about this configuration, see Security Fabric installation.
1. Connecting External and the FortiManager
In this example, External’s port 16 will connect to port 2 on the FortiManager.
On External, go to Network > Interfaces and edit port 16. Configure Administrative Access to allow FMG-Access.
On the FortiManager, go to System Settings > Network, select All Interfaces, and edit port2. Set IP Address/Netmask to an internal IP (in the example, 192.168.55.30/255.255.255.0).
Connect External and the FortiManager.
On the FortiManager, go to System Settings > Network and edit port 2. Add a Default Gateway, using the IP address of External’s port 16.
2. Configuring central management on External
On External, go to System > Settings. Under Central Management, select FortiManager and enter the IP/Domain Name.
A message appears, stating that the FortiGate’s message was received by the FortiManager and is now awaiting confirmation.
On the FortiManager, go to Device Manager > Unregistered Devices. Select External, then select + Add.
Add the device to the root ADOM.
External is now on the Managed FortiGates list.
Connect to External. A warning message appears, stating that the FortiGate is now managed by a FortiManager. Select Login Read-Only.
Go to System > Settings. The Central Management Status is now Registered on FortiManager.
3. Configuring central management on the ISFW FortiGates
For each FortiGate in the Security Fabric, make sure that the interface connected to External allows FMG-Access. Once this is confirmed, repeat the process shown in Step 2 for every FortiGate in the Fabric.
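The FortiGate side of Steps 1 and 2 can also be entered from the FortiOS CLI, which is convenient when the same change is repeated on each FortiGate. This is an added example, not part of the original recipe; it uses External’s port16 and the FortiManager address 192.168.55.30 from this example, and the other allowaccess protocols shown are assumed values.

```fortios
# Added example (not from the original recipe). Run on External.
# FMG-Access in the GUI is the "fgfm" option in the CLI.
config system interface
    edit "port16"
        # "set allowaccess" replaces the whole list, so keep the protocols
        # that are already enabled. "ping https ssh" are assumed values.
        set allowaccess ping https ssh fgfm
    next
end

# Point the FortiGate at the FortiManager (IP address from Step 1).
config system central-management
    set type fortimanager
    set fmg "192.168.55.30"
end

# Check the result: the configured manager and the registration status.
get system central-management
diagnose fdsm central-mgmt-status
```

On the other FortiGates, replace port16 with the interface that connects toward External. Enable fgfm only on that interface, so the management protocol is not exposed on ports that do not need it.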
4. Results
All FortiGates in the Security Fabric are shown in the FortiManager’s Managed FortiGates list.