The Fortinet Security Fabric links various security sensors and tools together to collect, coordinate, and respond to malicious behavior, in real time, anywhere it occurs on your network.
Below, you will find the Security Fabric Collection: a list of recipes about configuring and using the Security Fabric. By using these recipes in the order listed, you can create a network similar to the one shown above. This collection is a work in progress. Check back regularly for new recipes.
If you encounter any issues while configuring your Security Fabric, check out Security Fabric troubleshooting. You can also find more information about the Security Fabric at the Fortinet Document Library.
Screenshots of the Security Fabric topology views are shown after most of the recipes, to visualize how the network configuration changes. Physical Topology shows all access layer devices, and Logical Topology shows information about the interface (logical or physical) that each device is connected to. To view the complete network, the topology views must be accessed on the root FortiGate in the Security Fabric.
This collection supports the following Fortinet firmware:
- FortiOS 5.6.0 and higher
- FortiAnalyzer 5.6.0 and higher
- FortiSandbox 2.4.0 and higher
- FortManager 5.6.0 and higher
This recipe shows you how to install a single FortiGate in your network using NAT/Route mode, which is the most commonly used operation mode.
In later recipes, this FortiGate will be the “External” FortiGate in the network, because it is the only FortiGate that directly connects to the Internet, with the other FortiGates located behind it. This role is also known as the edge or gateway FortiGate.
This FortiGate will also be the root FortiGate in the Security Fabric. The root FortiGate receives information from all other FortiGates in the Security Fabric and is used to run the Security Fabric Audit. For more information about this, refer to the next recipe in the collection.
Because a Security Fabric has not yet been created, the Security Fabric topology views have not been included here.
This recipe shows you how to add three additional FortiGates to the network, with each functioning as an Internal Segmentation Firewall (ISFW). A FortiAnalyzer is also added to collect and view logs.
After the ISFW FortiGates and FortiAnalyzer are installed, the Security Fabric is configured. External, the FortiGate from the previous recipe, becomes the root FortiGate in the Security Fabric, with the other FortiGates sending their information upstream to External.
All of the FortiGates and the FortiAnalyzer now appear in the Security Fabric topology views, which must be viewed using External. The ISFW FortiGates (Accounting, Sales, and Marketing) are connected to the root FortiGate (External).
This recipe shows you how to add a FortiSandbox to the Security Fabric, so that any suspicious files discovered by the FortiGates can be scanned and tested in isolation from the rest of the network.
After the FortiSandbox is added to the Security Fabric, it appears in the topology views.
This recipe shows you how to create an HA cluster by connecting a backup FortiGate to the root FortiGate in the Security Fabric. This will provide redundancy if the root FortiGate, now called External-Primary, fails.
After the HA cluster is created, it appears in the topology views.
This recipe shows you how to add a FortiManager to the Security Fabric. This provides central management of the FortiGates in the Security Fabric.
After the FortiManager is added to the Security Fabric, it appears in the topology views.
This recipe shows you how to allow FortiTelemetry traffic to flow over an existing IPsec VPN site-to-site tunnel between two FortiGates, in order to add a remote FortiGate (Branch) to your Security Fabric.
After Branch is added to the Security Fabric, it appears in the topology views, connecting through the IPsec VPN tunnel.