FortiManager in the Security Fabric


In this recipe, you will add a FortiManager to a network that is already configured as a Security Fabric. This will simplify network administration because you can manage all of the FortiGates in the network from the FortiManager.

This recipe is part of the Security Fabric Collection. It can also be used as a standalone recipe.

In this example, the FortiManager is added to an existing Security Fabric, with an HA cluster, called External, configured as the root FortiGate. In this network, the subnet 192.168.55.0 is used for external devices, such as a FortiAnalyzer. The FortiManager will be added to this subnet.

This recipe was created using FortiOS 5.6.1. If you are using 5.6.0, GUI paths related to the Security Fabric and the appearance of some pages will differ from what is shown.


1. Connecting External and the FortiManager

In this example, External’s port 16 will connect to port 2 on the FortiManager.

On External, go to Network > Interfaces and edit port 16.

Configure Administrative Access to allow FMG-Access.

On the FortiManager, go to System Settings > Network, select All Interfaces, and edit port 2.

Set IP Address/Netmask to an internal IP address (in the example, 192.168.55.30/255.255.255.0).

Select Routing Table and add a default route for port 2. Set Gateway to the IP address of External’s port 16.

If you have not already done so, connect port 2 on the FortiManager to port 16 on External.

2. Configuring central management on External

On External, go to System > Settings. Under Central Management, select FortiManager and enter the IP/Domain Name.

After you select Apply, a message appears stating that the FortiGate’s message was received by the FortiManager and is now waiting for confirmation.

On the FortiManager, go to Device Manager > Unregistered Devices. Select External, then select + Add.

Add External to the root ADOM.

External is now on the Managed FortiGates list and shown as part of a Security Fabric group. The * beside External indicates that it is the root FortiGate in the Security Fabric.

Connect to External. A warning message appears stating that the FortiGate is now managed by a FortiManager.

Select Login Read-Only.

Go to System > Settings. Under Central Management, the Status is now Registered on FortiManager.

3. Configuring central management on the ISFW FortiGates

For each FortiGate in the Security Fabric, make sure that the interface connected to External allows FMG-Access.

Once this is confirmed, you can repeat the process shown in Step 2 for all FortiGates in the Security Fabric.
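To check the outcome of Steps 1 to 3 offline, the following added example (not part of the original recipe or any Fortinet tooling) reads a FortiGate configuration backup and reports when central management does not point at the FortiManager, or when FMG-Access is enabled on an interface other than the one the recipe names. The function names, the sample text, and port1 are assumptions made for illustration; port16 and 192.168.55.30 are the recipe's values.

```python
import re

# Constructed config backup excerpt: port16 and 192.168.55.30 are the recipe's values, port1 is invented.
SAMPLE = '''config system interface
    edit "port1"
        set allowaccess ping https fmg-access
    next
    edit "port16"
        set allowaccess ping https ssh fmg-access
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
config system central-management
    set type fortimanager
    set fmg "192.168.55.30"
end
'''

def parse(text):
    out, section, entry, depth = {}, None, "", 0  # out: {section: {entry: {option: [values]}}}
    for line in text.splitlines():
        w = [x.strip('"') for x in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if w[0] == "config" and section is None:
            section = " ".join(w[1:])
            out.setdefault(section, {})
        elif w[0] == "config":
            depth += 1  # nested table inside an entry; its contents are skipped
        elif w[0] == "end" and depth:
            depth -= 1
        elif w[0] == "end":
            section, entry = None, ""
        elif depth == 0 and section and w[0] == "edit":
            entry = w[1]
        elif depth == 0 and section and w[0] == "set" and len(w) > 1:
            out[section].setdefault(entry, {})[w[1]] = w[2:]
    return out

def audit(text, expected_fmg, fmg_ifaces):
    cfg, findings = parse(text), []  # findings: deviations from the recipe's settings
    cm = cfg.get("system central-management", {}).get("", {})
    if cm.get("type") != ["fortimanager"] or cm.get("fmg") != [expected_fmg]:
        findings.append("central-management does not point at " + expected_fmg)
    for name, opts in cfg.get("system interface", {}).items():
        enabled = "fmg-access" in opts.get("allowaccess", [])
        if enabled != (name in fmg_ifaces):
            findings.append(f"{name}: fmg-access {'enabled' if enabled else 'missing'}")
    return findings
```

Calling `audit(SAMPLE, "192.168.55.30", {"port16"})` flags port1 in the constructed sample, because FMG-Access is enabled there although the recipe only requires it on port 16.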

4. Results

All FortiGates in the Security Fabric are shown in the Managed FortiGates list on the FortiManager.

To show all FortiGates in the Security Fabric group, right-click on External (the root FortiGate), and select Refresh Device.

Right-click on the Security Fabric group and select Fabric Topology. The topology of the Security Fabric is displayed.

For further reading, check out Central Management in the FortiOS 5.6 Handbook.

Victoria Martin


Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.

You may also need to refresh the page before all devices are shown in the Security Fabric group.