Security Fabric Collection


The Fortinet Security Fabric links various security sensors and tools together to collect, coordinate, and respond to malicious behavior, in real time, anywhere it occurs on your network.

Below, you will find the Security Fabric Collection: a list of recipes about configuring and using the Security Fabric. By using these recipes in the order listed, you can create a network similar to the one shown above. This collection is a work in progress. Check back regularly for new recipes.

You can find more information about the Security Fabric at the Fortinet Document Library.

Screenshots of the Security Fabric topology views are shown after most of the recipes, to visualize how the network configuration changes. Physical Topology shows all access layer devices, and Logical Topology shows information about the interface (logical or physical) that each device is connected to. To view the complete network, the topology views must be accessed on the root FortiGate in the Security Fabric.

This collection supports the following Fortinet firmware:

  • FortiOS 5.6.0 and higher
  • FortiAnalyzer 5.6.0 and higher
  • FortiSandbox 2.4.0 and higher
  • FortManager 5.6.0 and higher

1. Installing a FortiGate in NAT/Route mode

This recipe shows you how to install a single FortiGate in your network using NAT/Route mode, which is the most commonly used operation mode.

In later recipes, this FortiGate will be the “External” FortiGate in the network, because it is the only FortiGate that directly connects to the Internet, with the other FortiGates located behind it. This role is also known as the edge or gateway FortiGate.

This FortiGate will also be the root FortiGate in the Security Fabric. The root FortiGate receives information from all other FortiGates in the Security Fabric and is used to run the Security Fabric Audit. For more information about this, refer to the next recipe in the collection.

Because a Security Fabric has not yet been created, the Security Fabric topology views have not been included here.

2. Security Fabric installation and audit

This recipe shows you how to add three additional FortiGates to the network, with each functioning as an Internal Segmentation Firewall (ISFW). A FortiAnalyzer is also added to collect and view logs.

After the ISFW FortiGates and FortiAnalyzer are installed, the Security Fabric is configured. External, the FortiGate from the previous recipe, becomes the root FortiGate in the Security Fabric, with the other FortiGates sending their information upstream to External.

All of the FortiGates and the FortiAnalyzer now appear in the Security Fabric topology views, which must be viewed using External. The ISFW FortiGates (Accounting, Sales, and Marketing) are connected to the root FortiGate (External).

Physical topology:

Logical topology:

3. FortiSandbox in the Security Fabric

This recipe shows you how to add a FortiSandbox to the Security Fabric, so that any suspicious files discovered by the FortiGates can be scanned and tested in isolation from the rest of the network.

After the FortiSandbox is added to the Security Fabric, it appears in the topology views.

Physical topology:

Logical topology:

4. High availability with two FortiGates

This recipe shows you how to create an HA cluster by connecting a backup FortiGate to the root FortiGate in the Security Fabric. This will provide redundancy if the root FortiGate, now called External-Primary, fails.

After the HA cluster is created, it appears in the topology views.

Physical topology:

Logical topology:

5. FortiManager in the Security Fabric

This recipe shows you how to add a FortiManager to the Security Fabric. This provides central management of the FortiGates in the Security Fabric.

After the FortiManager is added to the Security Fabric, it appears in the topology views.

Physical topology:

Logical topology:

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
  • Aaron Moorington

    Assuming that I have enough power and ports, can I use only one equipmment as external firewall (NGFW) and as ISFW?

    • Victoria Martin

      Hi Aaron,

      That configuration is possible, however the Security Fabric feature is intended to include multiple FortiGates. Also, please note that VDOMs are not supported for use with a Security Fabric.