Security Fabric


This collection of related recipes shows how to configure a Security Fabric throughout your network, using a range of Fortinet products. This security fabric will link different security sensors and tools together to collect, coordinate, and respond to malicious behavior anywhere it occurs on your network in real time.

Below, you will find links to a number of Cookbook recipes. By using these recipes in the listed order, you can create a network similar to the one shown above.

This collection is a work-in-progress. Check back to see what new recipes have been added.

Between most steps are screenshots showing the FortiView Topology dashboards, which can be seen in the video above. These dashboards display the devices that make up your Security Fabric. The Physical Topology dashboard shows all access layer devices, while the Logical Topology dashboard displays information about the interface (logical or physical) that each device is connected to.

This collection is supported for the following Fortinet firmware:

  • FortiOS 5.6.0+
  • FortiAnalyzer 5.6.0+
  • FortiSandbox 2.4.0+
  • FortManager 5.6.0+

1. Installing a FortiGate in NAT/Route mode

In this recipe, you install the initial FortiGate, which will later be used as the root FortiGate (also known as the upstream FortiGate) in the security fabric.

Because the Security Fabric has not yet been enabled, the FortiView topology dashboards are not yet available.

2. Security Fabric installation

In this recipe, three additional FortiGates are added to the network as Internal Segmentation Firewalls (ISFWs). A FortiAnalyzer is also added to the network to collect and view logs. Once the devices are installed, a security fabric is set up between them and the root FortiGate which was installed in the network previously.

In the example network, the Internet-facing FortiGate is called External, with three additional FortiGates, called Accounting, Marketing, and Sales. The FortiGates all appear in the FortiView topology on the External FortiGate, along with the FortiAnalyzer.

Physical topology:

Logical topology:

3. FortiSandbox in the Security Fabric

In this recipe, a FortiSandbox is added to the Security Fabric, so that any suspicious files discovered by the FortiGates can be be scanned and tested in isolation from the rest of the network.

The FortiSandbox now appears in the FortiView topology.

Physical topology:

Logical topology:

4. High Availability with two FortiGates

In this recipe, a backup FortiGate is added to External, the root FortiGate in the security fabric, to create an HA cluster. This will provide redundancy if the primary FortiGate fails.

The HA cluster is now shown in FortiView.

Physical topology:

Logical topology:

5. FortiManager in the Security Fabric

In this recipe, a FortiManager is added to provide central management for the FortiGates in the Security Fabric.

The FortiManager does not appear in the FortiView dashboards, so they remain unchanged.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
  • Aaron Moorington

    Assuming that I have enough power and ports, can I use only one equipmment as external firewall (NGFW) and as ISFW?

    • Victoria Martin

      Hi Aaron,

      That configuration is possible, however the Security Fabric feature is intended to include multiple FortiGates. Also, please note that VDOMs are not supported for use with a Security Fabric.