Channel: Fortinet Cookbook

FortiManager in the Fortinet Security Fabric


In this recipe, you add a FortiManager to the Security Fabric. This simplifies network administration because you manage all of the FortiGate devices in your network from the FortiManager.

This recipe is part of the Fortinet Security Fabric Collection. You can also use it as a standalone recipe.

In this example, you add the FortiManager to an existing Security Fabric, with an HA cluster called Edge as the root FortiGate and three internal FortiGates: Accounting, Marketing, and Sales. Network resources, such as a FortiManager, are located on the subnet 192.168.65.x.


1. Connecting the FortiManager and Edge

In this example, port 16 on Edge connects to port 4 on the FortiManager.

To configure the interface on the root FortiGate, connect to Edge, go to Network > Interfaces, and edit port 16.

Configure Administrative Access to allow FMG-Access and FortiTelemetry.

To configure the interface on the FortiManager, connect to the FortiManager, go to System Settings > Network, select All Interfaces, and edit port 4.

Set IP Address/Netmask to an internal IP address (in the example, 192.168.65.30/255.255.255.0).

Select Routing Table and add a default route for port 4. Set Gateway to the IP address of port 16 on Edge.

If you haven’t already done so, connect the FortiManager and Edge.

2. Allowing the FortiManager to have Internet access

In order to communicate with FortiGuard, the FortiManager requires Internet access.

To create an address for the FortiManager, connect to Edge, go to Policy & Objects > Addresses, and create a new address.

To allow the FortiManager to access the Internet, go to Policy & Objects > IPv4 Policy, and create a new policy.

3. Configuring central management

To enable central management, connect to Edge, go to Security Fabric > Settings, and enable Central Management.

Set Type to FortiManager, Mode to Normal, and set IP/Domain Name to the IP address of port 4 on the FortiManager.

After you select Apply, a message appears stating that the FortiManager received the message and Edge is waiting for management confirmation.

Edge, as the root FortiGate, pushes FortiManager settings to the other FortiGate devices in the Security Fabric. To verify this, connect to Accounting and go to Security Fabric > Settings.

To confirm the management connection, connect to the FortiManager and go to Device Manager > Unregistered Devices. Select the FortiGate devices and select + Add.

Add the FortiGate devices to the FortiManager.

Connect to Edge. A warning message appears stating that the FortiGate is now managed by a FortiManager.

Select Login Read-Only.

Go to Security Fabric > Settings. Under Central Management, the Status is now Registered on FortiManager.

4. Results

The FortiGate devices are on the Managed FortiGate list and appear as part of a Security Fabric group. The * beside Edge indicates that it’s the root FortiGate in the Security Fabric.

Right-click on any of the FortiGate devices and select Fabric Topology. The topology of the Security Fabric is displayed.

For further reading, check out Central Management with FortiManager in the FortiOS 6.0 Online Help.


The post FortiManager in the Fortinet Security Fabric appeared first on Fortinet Cookbook.

