This collection of related recipes shows how to configure a Security Fabric throughout your network, using a range of Fortinet products. This security fabric will link different security sensors and tools together to collect, coordinate, and respond to malicious behavior anywhere it occurs on your network in real time.
Below, you will find links to a number of Cookbook recipes. By using these recipes in the listed order, you can create a network similar to the one shown above.
This collection is a work-in-progress. Check back to see what new recipes have been added.
Between most steps are screenshots showing the FortiView Topology dashboards, which can be seen in the video above. These dashboards display the devices that make up your cooperative security fabric. The Physical Topology dashboard shows all access layer devices, while the Logical Topology dashboard displays information about the interface (logical or physical) that each device is connected to.
This collection is supported for the following Fortinet firmware:
- FortiOS 5.6.0+
- FortiAnalyzer 5.6.0+
- FortiSandbox 2.4.0+
In this recipe, you install the initial FortiGate, which will later be used as the root FortiGate (also known as the upstream FortiGate) in the security fabric.
Because the Security Fabric has not yet been enabled, the FortiView topology dashboards are not yet available.
In this recipe, three additional FortiGates are added to the network as Internal Segmentation Firewalls (ISFWs). A FortiAnalyzer is also added to the network to collect and view logs. Once the devices are installed, a security fabric is set up between them and the root FortiGate which was installed in the network previously.
In the example network, the Internet-facing FortiGate is called External, with three additional FortiGates, called Accounting, Marketing, and Sales. The FortiGates all appear in the FortiView topology on the External FortiGate, along with the FortiAnalyzer.
In this recipe, a FortiSandbox is added to the Security Fabric, so that any suspicious files discovered by the FortiGates can be be scanned and tested in isolation from the rest of the network.
The FortiSandbox now appears in the FortiView topology.