The Fortinet Security Fabric links various security sensors and tools together to collect, coordinate, and respond to malicious behavior, in real time, anywhere it occurs on your network. Below, you will find a collection Cookbook recipes about the Security Fabric. By using these recipes in the order listed, you can create a network similar to the one shown above.
This collection is a work in progress. Check back regularly for new recipes.
You can find more information about the Security Fabric at the Fortinet Document Library.
Between most steps are screenshots showing the Security Fabric topology views. The Physical Topology dashboard shows all access layer devices, and the Logical Topology dashboard shows information about the interface (logical or physical) that each device is connected to.
This collection supports the following Fortinet firmware:
- FortiOS 5.6.0+
- FortiAnalyzer 5.6.0+
- FortiSandbox 2.4.0+
- FortManager 5.6.0+
This recipe shows you how to install a single FortiGate in your network using NAT/Route mode, the most commonly used operation mode..
In later recipes, this FortiGate will be the “external” FortiGate in the network, because it the only FortiGate that directly connects to the Internet, with other FortiGates located behind it. This role is also known as the edge or gateway FortiGate
This FortiGate will also be the root FortiGate in the Security Fabric. The root FortiGate receives information from all other FortiGates in the Security Fabric and is used to run the Security Fabric Audit. For more information about this, refer to the next recipe in the collection.
Because a Security Fabric has not yet been created, the Security Fabric topology views have not been included here.
This recipe shows you how to add three additional FortiGates to the network as Internal Segmentation Firewalls (ISFWs). A FortiAnalyzer is also added to the network to collect and view logs.
After the ISFW FortiGates and FortiAnalyzer are installed, the Security Fabric is configured. External, the FortiGate from the previous recipe, becomes the root FortiGate in the Security Fabric, with the other FortiGates sending their information upstream to External.
The FortiGates all appear in the topology views on External, along with the FortiAnalyzer. The ISFW FortiGates (Accounting, Sales, and Marketing) are connected to the root FortiGate (External).
This recipe shows you how to add a FortiSandbox to the Security Fabric, so that any suspicious files discovered by the FortiGates can be scanned and tested in isolation from the rest of the network. A file is considered to be suspicious if it has some suspicious characteristics, but does not contain any known threats.
After the FortiSandbox is added to the Security Fabric, it appears in the topology views.
This recipe shows you how to create an HA cluster by adding a backup FortiGate for root FortiGate (External) in the Security Fabric. This will provide redundancy if the primary FortiGate fails.
The HA cluster is now shown in the topology views.
This recipe shows you how to add a FortiManager to provide central management for the FortiGates in the Security Fabric.
The FortiManager does not appear in the topology views, so they remain unchanged.