SF - Security Fabric

Security Fabric (SF) spans an entire network, linking different security sensors and tools together to collect, coordinate, and respond to malicious behavior in real time. SF can be used to coordinate the behavior of different Fortinet products in your network, including FortiGate, FortiAnalyzer, FortiClient, FortiSandbox, FortiAP, FortiSwitch, and FortiClient Enterprise Management Server (EMS). SF supports FortiOS 5.4.1+, FortiSwitchOS 3.3+, and FortiClient 5.4.1+.

FortiGate uses port TCP/8009 for incoming traffic from the FortiClient Portal, as user information (such as IP address, MAC address, avatar, and other profile information) is automatically synchronized to the FortiGate and EMS.

The brief example below assumes that FortiTelemetry has been enabled on the top-level FortiGate (FGT1), OSPF routing has been configured, and that policies have been created for all FortiGate units to access the Internet.

For more details on how to configure a security fabric between FortiGate units, see "Installing internal FortiGates and enabling a security fabric" on the Fortinet Cookbook website.

Enabling SF on the FortiGate:

  1. On the upstream FortiGate (FGT1), go to Security Fabric > Settings and enable FortiGate Telemetry.
  2. Enter a Group name and Group password for the fabric.
  3. On a downstream FortiGate (such as FGT2 or FGT3), configure the same fabric settings as were set on FGT1.
  4. Enable Connect to upstream FortiGate. Be sure you do not enable this on the topmost-level FortiGate (in this example, FGT1).
  5. In FortiGate IP, enter the IP address of the FGT1 interface that has FortiTelemetry enabled. The FortiTelemetry port (set to 8013) can be changed as required.
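
As an added example (not part of the original Fortinet page), the Python script below audits saved configuration text from each unit against the steps above: the top-level unit must not connect to an upstream FortiGate, and each downstream unit must use the same group name, the FGT1 interface IP, and the telemetry port. The `config system csf` key names, the sample excerpts, the group names, and the addresses are assumptions constructed for illustration; check the key names against the CLI reference for your FortiOS version.

```python
import re

# Constructed config excerpts (not from a real device); key names are assumed
# to follow the FortiOS "config system csf" CLI block.
FGT1 = '''config system csf
    set status enable
    set group-name "fabric-lab"
end'''
FGT2 = '''config system csf
    set status enable
    set group-name "fabric-lab"
    set upstream-ip 10.0.1.1
    set upstream-port 8013
end'''
FGT3 = '''config system csf
    set status enable
    set group-name "fabric-test"
    set upstream-ip 10.0.1.1
    set upstream-port 8013
end'''

def parse_csf(config_text):
    """Return the 'set' keys of the 'config system csf' block as a dict."""
    block = re.search(r"^config system csf\n(.*?)^end", config_text, re.S | re.M)
    if not block:
        return {}
    pairs = re.findall(r"^\s*set (\S+) (.+)$", block.group(1), re.M)
    return {key: value.strip().strip('"') for key, value in pairs}

def audit_fabric(root_cfg, downstream_cfgs, root_ip, port="8013"):
    """Check the steps above: root has no upstream, downstream units match it."""
    findings = []
    root = parse_csf(root_cfg)
    if root.get("status") != "enable":
        findings.append("root: telemetry not enabled")
    if "upstream-ip" in root:
        findings.append("root: must not connect to an upstream FortiGate")
    for name, text in downstream_cfgs.items():
        csf = parse_csf(text)
        if csf.get("status") != "enable":
            findings.append(f"{name}: telemetry not enabled")
        if csf.get("group-name") != root.get("group-name"):
            findings.append(f"{name}: group name differs from root")
        if csf.get("upstream-ip") != root_ip:
            findings.append(f"{name}: upstream IP is not the root interface")
        if csf.get("upstream-port", port) != port:
            findings.append(f"{name}: unexpected telemetry port")
    return findings
```

The group password is not compared because this example assumes it is not stored in comparable form in saved configuration text.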

 

Once set up, you can view your network's SF configuration under FortiView through two topology dashboards.

  1. On the top-level FortiGate, go to Security Fabric > Physical Topology. This dashboard shows a visualization of all access layer devices in the fabric.

  2. Go to Security Fabric > Logical Topology to view information about the interfaces (logical or physical) that each device in the fabric is connected to.

Other SF configurations for your network are available through the Fortinet Cookbook Security Fabric Collection page.