The Security Fabric is an enterprise solution which enables security professionals gain an view over their network infrastructure and centrally manage their cyber defense solutions.
When different vendor security solutions are implemented on a network, security professionals can experience challenges on visibility on their own cyber defenses.
Requires a minimum of 2 FortiGate devices at the core and 1 FortiAnalyzer.
When Security Fabric is active, synchronization is enabled by default.
Root FortiGate
Enable the Security Fabric Connection. The Security Fabric Connection should be enabled on the relevant interfaces.
Next, enable the Security Fabric connector.
Select Serve as Fabric Root
Then, configure for FortiAnalyzer for logging
Downstream devices
Enable the Security Fabric Connection on the relevant interfaces.
Next, enable the Security Fabric Connection and select the Join Existing Fabric option.
Then, specify the IP address of the Root FortiGate.
Back on the Root FortiGate
Ensure you authorize all the downstream devices.
On the root FortiGate, go to Security Fabric > Fabric Connector
Agent
Use the FortiClient.
It's based on the location and infrastructure independent.
Agentless
This method is useful for the topology view.
Requires direct connectivity to the FortiGate device.
To enable device identification, go to Network > Interfaces > enable Device Detection.
The new device will be shown in, Security Fabric > Logical Topology
Go to, Security Fabric > Automation
Can be used to automate tasks by creating Triggers and Actions.
The automation feature is configured on the Root FortiGate.
Additionally, external connectors can be used to integrate AWS, Azure, GCP and Oracle Cloud Infrastructure (OCI).
Shows a summary of areas of security focus.
Provides overall view of the security posture.
To view the score card, go to Security Fabric > Security Rating > Security Posture.
Security checks run every 4 hours by default.