Tags in the Fortinet Security Fabric


In this recipe, you create tag categories and tags for your network. By applying these tags to different devices, interfaces, and addresses, you identify the location and function of each part of your Security Fabric and increase network visibility.

This recipe is in the Fortinet Security Fabric Collection. You can also use it as a standalone recipe.

1. Creating tag categories and tags

In this example, you use tags to identify the following things about devices in the Security Fabric:

  • Physical location
  • Department
  • Network administrators

To create the tag category for physical location, connect to Edge and go to System > Tags.

Set Tag Category to Location. Because each device in the network can only have one location, disable Allow multiple tag selection.

Add Tags for the first floor, second floor, and third floor.

Under Tag Scope, set Device to Mandatory.

For the department tag, enable Allow multiple tag selection.

Add Tags for the following departments: Accounting, Marketing, Sales, and Admin.

Under Tag Scope, set Interface to Mandatory and set Device to Mandatory. Because the FortiGate configuration includes default addresses, set Address to Optional.

For the network administrators tag, enable Allow multiple tag selection.

Add Tags for Robert and Lisa.

Under Tag Scope, set Device to Mandatory.

Because the configuration of tag categories and tags isn’t synchronized across the Security Fabric, you must connect to each FortiGate device separately and add the appropriate tags for the part of your network that uses that FortiGate.

Connect to Accounting and repeat the previous steps to create the tags that are shown.

2. Applying tags to devices, interfaces, and addresses

To apply tags to devices in your network, go to User & Device > Device Inventory.

Edit the Accounting FortiGate.

Under Tags, add the following tags:

  • For Department, add the Accounting tag
  • For Location, add the Third floor tag
  • For Network administrators, add the Robert and Lisa tags

Edit all other devices listed and apply the appropriate tags for department, location, and administrators.

To apply tags to interfaces in your network, go to Network > Interfaces. Edit the interface that connects Edge and Accounting (in the example, port10).

Under Tags, set Department to Accounting.

Edit all other interfaces and apply the appropriate tag for department.

To apply tags to addresses in your network, go to Policy & Objects > Addresses. Edit the address for the Accounting subnet.

Under Tags, set Department to Accounting.

Edit all other addresses and apply the appropriate tag for department.

To apply tags to devices on the accounting network, connect to Accounting and go to User & Device > Device Inventory.

Edit a computer on this network.

Under Tags, add the following tags:

  • For Department, add the Accounting tag
  • For Location, add the Third floor tag
  • For Network administrators, add the Robert tag

Apply the appropriate tags to other devices, interfaces, and addresses on this network.
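
The following Python sketch is an added example, not part of the original recipe or of any Fortinet tool. It encodes the tag categories from step 1, checks tagged objects such as those in step 2 against them, and lists categories whose definitions differ between two FortiGates, since tag configuration is not synchronized. The object data is constructed, and any tag scope the recipe does not set is assumed to be disabled.

```python
from dataclasses import dataclass

@dataclass
class Category:
    tags: set        # tags defined under this category
    multiple: bool   # "Allow multiple tag selection"
    scope: dict      # Tag Scope: object type -> "mandatory" or "optional"

def recipe_policy():
    """Tag categories as the recipe defines them on Edge."""
    return {
        "Location": Category({"First floor", "Second floor", "Third floor"},
                             False, {"device": "mandatory"}),
        "Department": Category({"Accounting", "Marketing", "Sales", "Admin"}, True,
                               {"interface": "mandatory", "device": "mandatory",
                                "address": "optional"}),
        "Network administrators": Category({"Robert", "Lisa"}, True,
                                           {"device": "mandatory"}),
    }

def check_object(policy, obj_type, name, tags):
    """Return findings for one object; tags maps category -> list of tags."""
    findings = []
    for cat, rule in policy.items():
        applied = tags.get(cat, [])
        if obj_type not in rule.scope:  # assumption: unset scope means disabled
            if applied:
                findings.append(f"{name}: {cat} is not in scope for {obj_type}")
            continue
        if rule.scope[obj_type] == "mandatory" and not applied:
            findings.append(f"{name}: missing mandatory {cat} tag")
        if len(applied) > 1 and not rule.multiple:
            findings.append(f"{name}: {cat} allows only one tag")
        for tag in applied:
            if tag not in rule.tags:
                findings.append(f"{name}: undefined {cat} tag {tag!r}")
    for cat in sorted(tags.keys() - policy.keys()):
        findings.append(f"{name}: unknown tag category {cat!r}")
    return findings

def definition_drift(local, remote):
    """Categories whose definition differs between two FortiGates, for review."""
    return sorted(c for c in local.keys() | remote.keys()
                  if local.get(c) != remote.get(c))

if __name__ == "__main__":
    # Constructed sample object, not from the recipe: a workstation with tagging mistakes.
    pc = {"Location": ["First floor", "Third floor"], "Network administrators": ["Bob"]}
    print("\n".join(check_object(recipe_policy(), "device", "pc-17", pc)))
```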

4. Results

To sort devices and interfaces by tags, connect to Edge and go to Security Fabric > Logical Topology.

In the Search field, enter Robert. The devices that have the Robert tag are highlighted.

To view more information about a highlighted device, including tags, hover over that device in the topology. The Robert tag is highlighted.


Victoria Martin

Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.