FortiOS 6.0 Getting Started: Tags in the Fortinet Security Fabric

1. Creating tag categories and tags

In this example, you use tags to identify the following things about devices in the Security Fabric:

• Physical location
• Department
• Network administrators

To create the tag category for physical location, connect to Edge and go to System > Tags.

Set Tag Category to Location. Because each device in the network can only have one location, disable Allow multiple tag selection.

Add Tags for the first floor, second floor, and third floor.

Under Tag Scope, set Device to Mandatory.

For the department tag, enable Allow multiple tag selection.

Add Tags for the following departments: Accounting, Marketing, Sales, and Admin.

Under Tag Scope, set Interface to Mandatory and set Device to Mandatory. Because the FortiGate configuration includes default addresses, set Address to Optional.

For the network administrators tag, enable Allow multiple tag selection.

Add Tags for Robert and Lisa.

Under Tag Scope, set Device to Mandatory.

Because the configuration of tag categories and tags isn’t synchronized across  the Security Fabric, you must connect to each FortiGate device separately and add the appropriate tags for the part of your network that uses that FortiGate.

Connect to Accounting and repeat the previous steps to create the tags that are shown.

2. Applying tags to devices, interfaces, and addresses

To apply tags to devices in your network, go to User & Device > Device Inventory.

Edit the Accounting FortiGate.

Under Tags, add the following tags:

• For Department, add the Accounting tag
• For Location, add the Third floor tag
• For Network administrators, add the Robert and Lisa tags

Edit all other devices listed and apply the appropriate tags for department, location, and administrators.

To apply tags to interfaces in your network, go to Network > Interfaces. Edit the interface that connects Edge and Accounting (in the example, port10).

Under Tags, set Department to Accounting.

Edit all other interfaces and apply the appropriate tag for department.

To apply tags to addresses in your network, go to Policy & Objects > Addresses. Edit the address for the Accounting subnet.

Under Tags, set Department to Accounting.

Edit all other addresses and apply the appropriate tag for department.

To apply tags to devices in on the accounting network, connect to Accounting and go to User & Device > Device Inventory.

Edit a computer on this network.

Under Tags, add the following tags:

• For Department, add the Accounting tag
• For Location, add the Third floor tag
• For Network administrators, add the Robert tag

Apply the appropriate tags to other devices, interfaces, and addresses on this network.

4. Results

To sort devices and interfaces by tags, connect to Edge and go to Security Fabric > Logical Topology.

In the Search field, enter Robert. The devices that have the Robert tag are highlighted.

To view more information about a highlighted device, including tags, hover over that device in the topology. The Robert tag is highlighted