Security Fabric
FortiOS 6.2
© Copyright Fortinet Inc. All rights reserved. Last Modified: 2 November 2022
Lesson Overview
Why a Security Fabric?
• Many administrators lack visibility of their network defences, making their networks more susceptible to undetected network infiltration
• Network complexity and sophisticated malware (soon to be augmented by AI) necessitate a centralized and holistic approach to security
Fortinet End-to-End Solution
[Figure: Fortinet end-to-end solution. Solution areas: Network Security, Endpoint Security, Web Application Security, Advanced Threat Protection, Multi-Cloud Security, Email Security, Secure Unified Access, Management & Analytics. Products and functions shown: FortiGate, FortiSwitch, FortiManager (Central Security Management), FortiSIEM (Security Information & Event Management), FortiCASB, firewall, switching, IPS, SD-WAN, SWG, VPN.]
Devices That Comprise the Security Fabric
• Core:
• Two or more FortiGate devices + FortiAnalyzer
Knowledge Check
1. What is the Fortinet Security Fabric?
A. A Fortinet solution that enables the communication and visibility between devices of your network
B. A device that can manage all your Firewalls
Lesson Progress
[Screenshot callouts: FortiAnalyzer IP address; Enable Connect to upstream FortiGate; Upstream FortiGate IP; "detects automatically"; Authorize the downstream FortiGate from root FortiGate]
Authorizing Devices
• Root FortiGate, Security Fabric > Settings (steps 1 and 2): Authorize the downstream FortiGate from root FortiGate
• FortiAnalyzer, Device Manager > Devices (step 3): Final authorization on FortiAnalyzer
Split-Task VDOM
• Support for Security Fabric in split-task VDOM mode
Split-Task VDOM (Contd)
Global > Physical Topology
root > Physical Topology
Device Identification–Agentless vs. Agent
Agentless
• Useful feature for the Security Fabric topology view
• Requires direct connectivity to FortiGate
• Detection methods:
  • HTTP user agent
  • TCP fingerprinting
  • MAC address vendor codes
  • DHCP
  • Microsoft Windows browser service (MWBS)
  • SIP user agent
  • Link Layer Discovery Protocol (LLDP)
  • Simple Service Discovery Protocol (SSDP)
  • QUIC
  • FortiOS-VM detection
    • FortiOS-VM vendor ID in IKE messages
    • FortiOS-VM vendor ID in FortiGuard web filter and spam filter requests
Agent (FortiClient)
• Location and infrastructure independent
Device Identification (Contd)
Enable Device Detection on interface(s)
Knowledge Check
1. What are the two mandatory settings of the Security Fabric configuration?
A. Group name and FortiGate Telemetry
B. Group name and FortiManager IP address
Lesson Progress
Automation Stitches
Security Fabric > Automation
Automated Threat Response
QUARANTINE
Automated Threat Response (Contd)
NOTIFICATIONS
Security Fabric > Physical Topology
• Output notifications in various ways such as iOS Push or on the GUI dashboard
• Integrate with IFTTT and other cloud services
Fabric Connectors
• Security Fabric multi-cloud support adds Security Fabric connectors to the Security Fabric configuration
• Fabric connectors allow you to integrate:
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Oracle Cloud Infrastructure (OCI)
  • Google Cloud Platform (GCP)
The Security Fabric Status Widget
Dashboard > Status > Security Fabric widget
The Security Rating Widget
Dashboard > Status > Security Rating widget
FortiMail Stats Widget
Dashboard > Status > FortiMail Stats widget
• Mail statistics from FortiMail
Knowledge Check
1. Why should an administrator extend the Security Fabric to other devices?
A. To provide a single pane of glass for management and reporting purposes
B. To eliminate the need to purchase licenses for FortiGate devices in the Security Fabric
Lesson Progress
Identifies critical security gaps
FortiGuard Security Rating Service
[Figure labels: Initial state; Different customer FortiGates with improved ratings]
Topology Views
Security Fabric > Physical Topology
• Authorize or deauthorize access devices (FortiSwitch, FortiAPs)
• Ban or unban compromised clients
• Some device management tasks:
  • Login
  • Deauthorize
Right-click: Login to the device or Deauthorize
Topology Views (Contd)
Security Fabric > Physical Topology
Knowledge Check
1. Which of the following does Security Rating identify as a critical security gap?
A. A simple password policy
B. A vulnerability detected on an endpoint device
2. From which view can an administrator deauthorize a device from the Security Fabric?
A. From the physical topology view
B. From FortiView
Lesson Progress