The Fortinet Security Fabric links various security sensors and tools together to collect, coordinate, and respond to malicious behavior, in real time, anywhere it occurs on your network.
Below, you can find the Security Fabric Collection, which is a list of recipes about configuring and using the Security Fabric. By using these recipes in the order listed, you can create a network similar to the one shown above. This collection is a work in progress. Check back regularly for new recipes.
If you encounter any issues while configuring your Security Fabric, check out Security Fabric troubleshooting. You can also find more information about the Security Fabric at the Fortinet Document Library.
Screenshots of the Security Fabric topology views are shown after recipes when applicable, so you can see how the network configuration changes. Physical Topology shows all access layer devices, and Logical Topology shows information about the interface (logical or physical) that each device is connected to. To view the complete network, you must access the topology views using the root FortiGate in the Security Fabric.
This collection supports the following Fortinet firmware:
- FortiOS 6.0.0 and higher
- FortiAnalyzer 6.0.0 and higher
- FortiSandbox 2.5.0 and higher
This recipe shows you how to install a single FortiGate in your network using NAT/Route mode, which is the most commonly used operation mode.
In later recipes, this FortiGate will be called “Edge,” because it’s the only FortiGate that connects directly to the Internet, with the other FortiGate devices located behind it. This role is also known as the gateway FortiGate.
This FortiGate will also be the root FortiGate in the Security Fabric. The root FortiGate receives information from all other FortiGates in the Security Fabric and is used for the Security Rating. For more information about this, refer to the next recipe in the collection.
This recipe shows you how to add three additional FortiGate devices to the network, with each functioning as an Internal Segmentation Firewall (ISFW). A FortiAnalyzer is also added to collect and view logs.
After the ISFW FortiGate devices and FortiAnalyzer are installed, the Security Fabric is configured. Edge, the FortiGate from the previous recipe, becomes the root FortiGate in the Security Fabric, with the other FortiGates sending their information upstream to Edge.
All of the FortiGate devices and the FortiAnalyzer now appear in the Security Fabric topology views, which you must view using Edge. The ISFW FortiGates (Accounting, Sales, and Marketing) are connected to the root FortiGate (Edge).
This recipe shows you how to run a Security Rating check, which analyzes your Security Fabric deployment to identify potential vulnerabilities and highlight best practices.
This recipe shows you how to add a FortiSandbox to the Security Fabric, so that any suspicious files that the FortiGate devices discover can be scanned and tested in isolation from the rest of the network.
After the FortiSandbox is added to the Security Fabric, it appears in the topology views.
This recipe shows you how to create an HA cluster by connecting a backup FortiGate to the root FortiGate in the Security Fabric. This provides redundancy if the root FortiGate, now called Edge-Primary, fails.
After the HA cluster is created, it appears in the topology views.
This recipe shows you how to configure Automation stitches for your Security Fabric. Each Automation pairs an event trigger and one or more actions, which allows you to monitor your network and take appropriate action when the Security Fabric detects a threat.