In this example, you add the FortiManager to an existing Security Fabric, with an HA cluster called Edge as the root FortiGate and three internal FortiGates: Accounting, Marketing, and Sales. Network resources, such as a FortiManager, are located on the subnet 192.168.65.x.
1. Connecting the FortiManager and Edge
In this example, port 16 on Edge connects to port 4 on the FortiManager.
To configure the interface on the root FortiGate, connect to Edge, go to Network > Interfaces, and edit port 16.
Configure Administrative Access to allow FMG-Access and FortiTelemetry.
To configure the interface on the FortiManager, connect to the FortiManager, go to System Settings > Network, select All Interfaces, and edit port4.
Set IP Address/Netmask to an internal IP address (in the example, 192.168.65.30/255.255.255.0).
Select Routing Table and add a default route for port 4. Set Gateway to the IP address of port 16 on Edge.
If you haven’t already done so, connect the FortiManager and Edge.
2. Allowing the FortiManager to have Internet access
In order to communicate with FortiGuard, the FortiManager requires Internet access.
To create an address for the FortiManager, connect to Edge, go to Policy & Objects > Addresses, and create a new address.
To allow the FortiManager to access the Internet, go to Policy & Objects > IPv4 Policy, and create a new policy.
3. Configuring central management
To enable central management, connect to Edge, go to Security Fabric > Settings, and enable Central Management.
Set Type to FortiManager, Mode to Normal, and set IP/Domain Name to the IP address of port 4 on the FortiManager.
After you select Apply, a message appears stating that the FortiManager received the message and Edge is waiting for management confirmation.
Edge, as the root FortiGate, pushes FortiManager settings to the other FortiGate devices in the Security Fabric. To verify this, connect to Accounting and go to Security Fabric > Settings.
To confirm the management connection, connect to the FortiManager and go to Device Manager > Unregistered Devices. Select the FortiGate devices and select + Add.
Add the FortiGate devices to the FortiManager.
Connect to Edge. A warning message appears stating that the FortiGate is now managed by a FortiManager.
Select Login Read-Only.
Go to Security Fabric > Settings. Under Central Management, the Status is now Registered on FortiManager.
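The CLI equivalent of steps 2 and 3 on Edge, as an added example that is not part of the original recipe. The object and policy names, the outgoing interface wan1, the /32 mask, and the service and NAT settings are assumptions, because the recipe does not state them. The address 192.168.65.30 and port 16 (written port16 here) come from the example above.

```fortios
# Added example: run on Edge (the root FortiGate) before FortiManager takes over management.

# Step 2: address object for the FortiManager.
# Assumption: a single-host /32 so the policy covers only the FortiManager,
# not the whole 192.168.65.x subnet.
config firewall address
    edit "FortiManager"
        set subnet 192.168.65.30 255.255.255.255
    next
end

# Step 2: policy that lets only that address reach the Internet (for FortiGuard).
# Assumptions: "wan1" is the Internet-facing interface; service and NAT are
# not given in the recipe, adjust them to your environment.
config firewall policy
    edit 0
        set name "FortiManager-to-Internet"
        set srcintf "port16"
        set dstintf "wan1"
        set srcaddr "FortiManager"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Step 3: point Edge at the FortiManager (Type FortiManager, Mode Normal).
config system central-management
    set type fortimanager
    set mode normal
    set fmg "192.168.65.30"
end
```

The FortiGate devices still have to be accepted under Device Manager > Unregistered Devices on the FortiManager, as described in step 3.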
4. Results
The FortiGate devices are on the Managed FortiGate list and appear as part of a Security Fabric group. The icon beside Edge indicates that it’s the root FortiGate in the Security Fabric.
Right-click on any of the FortiGate devices and select Fabric Topology. The topology of the Security Fabric is displayed.