FortiManager in the Fortinet Security Fabric


In this recipe, you add a FortiManager to the Security Fabric. This simplifies network administration because you manage all of the FortiGate devices in your network from the FortiManager.

This recipe is part of the Fortinet Security Fabric collection. You can also use it as a standalone recipe.

In this example, you add the FortiManager to an existing Security Fabric, with an HA cluster called Edge as the root FortiGate and three internal FortiGates: Accounting, Marketing, and Sales. Network resources, such as a FortiManager, are located on the subnet 192.168.65.x.


1. Connecting the FortiManager and Edge

In this example, port 16 on Edge connects to port 4 on the FortiManager.

To configure the interface on the root FortiGate, connect to Edge, go to Network > Interfaces, and edit port 16.

Configure Administrative Access to allow FMG-Access and FortiTelemetry.

To configure the interface on the FortiManager, connect to the FortiManager, go to System Settings > Network, select All Interfaces, and edit port 4.

Set IP Address/Netmask to an internal IP address (in the example, 192.168.65.30/255.255.255.0).

Select Routing Table and add a default route for port 4. Set Gateway to the IP address of port 16 on Edge.

If you haven’t already done so, connect the FortiManager and Edge.

2. Allowing the FortiManager to have Internet access

To communicate with FortiGuard, the FortiManager requires Internet access.

To create an address for the FortiManager, connect to Edge, go to Policy & Objects > Addresses, and create a new address.

To allow the FortiManager to access the Internet, go to Policy & Objects > IPv4 Policy, and create a new policy.

3. Configuring central management

To enable central management, connect to Edge, go to Security Fabric > Settings, and enable Central Management.

Set Type to FortiManager, Mode to Normal, and set IP/Domain Name to the IP address of port 4 on the FortiManager.

After you select Apply, a message appears stating that the FortiManager received the message and Edge is waiting for management confirmation.

Edge, as the root FortiGate, pushes FortiManager settings to the other FortiGate devices in the Security Fabric. To verify this, connect to Accounting and go to Security Fabric > Settings.

To confirm the management connection, connect to the FortiManager and go to Device Manager > Unregistered Devices. Select the FortiGate devices and select + Add.

Add the FortiGate devices to the FortiManager.

Connect to Edge. A warning message appears stating that the FortiGate is now managed by a FortiManager.

Select Login Read-Only.

Go to Security Fabric > Settings. Under Central Management, the Status is now Registered on FortiManager.

4. Results

The FortiGate devices are on the Managed FortiGate list and appear as part of a Security Fabric group. The * beside Edge indicates that it’s the root FortiGate in the Security Fabric.

Right-click on any of the FortiGate devices and select Fabric Topology. The topology of the Security Fabric is displayed.
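The same result can be checked from a configuration backup of Edge. The following is an added example, not part of the original recipe or Fortinet's own code: it parses the FortiOS CLI sections `config system central-management` and `config system interface` and reports whether central management points at the FortiManager and which interfaces allow FMG-Access (`fgfm`). The backup excerpt is constructed, and the CLI interface names `port16` and `wan1` are assumptions.

```python
import re

# Constructed excerpt of a FortiOS config backup from Edge (sample data, not real output).
SAMPLE = '''config system interface
    edit "port16"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "wan1"
        set allowaccess ping fgfm
    next
end
config system central-management
    set type fortimanager
    set fmg "192.168.65.30"
end
'''

def parse(text):
    """Map top-level section -> entry ('' outside edit blocks) -> setting -> values."""
    out, section, entry, depth = {}, None, "", 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks (depth > 1) are skipped
                section, entry = " ".join(tok[1:]), ""
                out[section] = {}
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tok[1]
        elif depth == 1 and tok[0] == "next":
            entry = ""
        elif depth == 1 and tok[0] == "set" and len(tok) > 1:
            out[section].setdefault(entry, {})[tok[1]] = tok[2:]
    return out

def audit(text, fmg_ip, fmg_ports):
    """Return findings: central management target and where FMG-Access (fgfm) is allowed."""
    cfg = parse(text)
    cm = cfg.get("system central-management", {}).get("", {})
    ifaces = cfg.get("system interface", {})
    findings = []
    if cm.get("type") != ["fortimanager"] or cm.get("fmg") != [fmg_ip]:
        findings.append(f"central-management does not point at FortiManager {fmg_ip}")
    allowed = {n for n, s in ifaces.items() if "fgfm" in s.get("allowaccess", [])}
    findings += [f"{p}: FMG-Access (fgfm) missing" for p in sorted(set(fmg_ports) - allowed)]
    findings += [f"{p}: FMG-Access (fgfm) on unexpected interface" for p in sorted(allowed - set(fmg_ports))]
    return findings
```

Calling `audit(SAMPLE, "192.168.65.30", ["port16"])` on the constructed excerpt reports only `wan1`, because `port16` is the one interface this recipe configures for FMG-Access.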

For further reading, check out Central Management with FortiManager in the FortiOS 6.0 Online Help.

Victoria Martin


Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.