FortiManager in the Security Fabric


In this recipe, you will add a FortiManager to a network that is already configured as a Security Fabric. This will simplify network administration because you can manage all of the FortiGates in the fabric from the FortiManager.

This recipe is part of the Security Fabric collection. It can also be used as a standalone recipe.

In this example, the FortiManager is added to an existing Security Fabric, with an HA Cluster called External configured as the root FortiGate. In this Fabric, the subnet 192.168.55.0 is used for external devices such as FortiAnalyzer. The FortiManager will be added to this subnet.

OSPF routing and a security policy have already been configured to allow devices in the fabric to access the 192.168.55.0 subnet. For more information about this configuration, see Security Fabric installation.


1. Connecting External and the FortiManager

In this example, External’s port 16 will connect to port 2 on the FortiManager.

On External, go to Network > Interfaces and edit port 16.

Configure Administrative Access to allow FMG-Access.

 

On the FortiManager, go to System Settings > Network, select All Interfaces, and edit port2.

Set IP Address/Netmask to an internal IP (in the example, 192.168.55.30/255.255.255.0).

 
Connect External and the FortiManager.

On the FortiManager, go to System Settings > Network and edit port 2. Add a Default Gateway, using the IP address of External’s port 16.

2. Configuring central management on External

On External, go to System > Settings. Under Central Management, select FortiManager and enter the IP/Domain Name.

 

A message appears, stating that the FortiGate’s message was received by the FortiManager and is now awaiting confirmation.

 

On the FortiManager, go to Device Manager > Unregistered Devices. Select External, then select + Add.

Add the device to the root ADOM.  

External is now on the Managed FortiGates list.

Connect to External. A warning message appears, stating that the FortiGate is now managed by a FortiManager.

Select Login Read-Only.

Go to System > Settings. The Central Management Status is now Registered on FortiManager.

3. Configuring central management on the ISFW FortiGates

For each FortiGate in the Security Fabric, make sure that the interface connected to External allows FMG-Access.

Once this is confirmed, you can repeat the process shown in Step 2 for all FortiGates in the Fabric.

4. Results

All FortiGates in the Security Fabric are shown in the FortiManager’s Managed FortiGates list.
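
The FortiGate side of Steps 1 and 2 can also be applied and checked from the FortiOS CLI. The following is an added example, not part of the original recipe. It assumes that port 16 appears in the CLI as `port16`, and the lines beginning with `#` are annotations rather than commands.

```fortios
# On External (the root FortiGate).
# Assumption: the GUI's "port 16" is named port16 in the CLI.
config system interface
    edit "port16"
        # "append" adds FMG-Access and keeps the access types already
        # allowed on the interface; "set allowaccess" would replace the
        # whole list and can silently enable or drop other services.
        append allowaccess fmg-access
    next
end

# Point the FortiGate at the FortiManager (address from this recipe).
config system central-management
    set type fortimanager
    set fmg "192.168.55.30"
end

# After the device has been added on the FortiManager, confirm the
# settings and the registration state from the FortiGate.
get system central-management
diagnose fdsm central-mgmt-status
```

FMG-Access only needs to be allowed on the interface that actually faces the FortiManager, so leave it disabled on all other interfaces.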

 

For further reading, check out Central Management in the FortiOS 5.6 Handbook.

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.