Simplify FortiGate Pairing

In 6.2, pairing FortiAnalyzer with a Security Fabric is simpler. In 6.0, full pairing required FortiGate admin authorization before some callback functions could be enabled. In 6.2, this is simplified by using certificate verification, which allows the FortiGate admin to pre-authorize access.

To pair a standalone FortiGate with FortiAnalyzer:
  1. On FortiGate, go to Security Fabric > Settings.
  2. Enable FortiAnalyzer Logging by moving the toggle to the On position.
  3. Enter the IP address of the FortiAnalyzer.
  4. Enable Allow access to FortiGate REST API.
  5. Enable Trust FortiAnalyzer by serial number.
  6. Select Apply.
    A window will appear on the right which automatically retrieves and displays the FortiAnalyzer serial number.

  7. Confirm that the serial number is correct, then select OK. The serial number is saved in the CMDB and displayed in the Security Fabric > Settings page.

  8. Once FGT and FAZ have been paired, FAZ will access the FGT REST API without the need to input the FGT username and password in the FAZ Device Manager.

To pair a root FortiGate with FortiAnalyzer:
  1. On the Security Fabric root FortiGate, go to Security Fabric > Settings.
  2. Enable FortiAnalyzer Logging by moving the toggle to the On position.
  3. Enter the IP address of the FortiAnalyzer.
  4. Enable Allow access to FortiGate REST API.
  5. Enable Trust FortiAnalyzer by serial number.
  6. Select Apply.
    A window will appear on the right which automatically retrieves and displays the FortiAnalyzer serial number.

  7. Confirm that the serial number is correct, then select OK. The serial number is saved in the CMDB and displayed in the Security Fabric > Settings page.

  8. Once the root FGT and FAZ have been paired, the Security Fabric will be formed automatically in the FAZ Device Manager without needing to configure the FGT username and password.

To correct a serial number mismatch:
  1. If the FAZ serial number does not match the one configured through the FortiGate, the FGT will fail to connect with the FAZ and logs will not be sent. If this occurs, disable REST API Certificate Verification using the following CLI command on the FortiGate:
    config log fortianalyzer setting
        set certificate-verification disable
    end
  2. In the FAZ Device Manager, input the FGT username and password to authenticate FGT REST API access.
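
An added example, not part of the Fortinet documentation: a Python check that scans a FortiGate configuration backup for the certificate-verification workaround shown above, so that devices still running with verification disabled can be identified. The sample configurations are constructed, and treating a backup that does not list the setting as "not disabled" is an assumption.

```python
# Added example: audit FortiGate configuration backups for the workaround above.
SECTION = "config log fortianalyzer setting"   # section name as shown on this page

# Constructed sample backups (not taken from a real device).
SAMPLE_WORKAROUND = """\
config log syslogd setting
    set status disable
end
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set certificate-verification disable
end
"""
SAMPLE_VERIFIED = SAMPLE_WORKAROUND.replace(
    "    set certificate-verification disable\n", "")


def faz_settings(config_text):
    """Return the 'set' key/value pairs of the FortiAnalyzer log section."""
    settings = {}
    depth = 0  # 0 = outside the target section, 1 = directly inside it
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == SECTION:
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1              # nested block: skip its 'set' lines
        elif line == "end":
            depth -= 1
            if depth == 0:
                break               # end of the FortiAnalyzer section
        elif depth == 1 and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings


def verification_disabled(config_text):
    """True only when the section explicitly disables certificate verification."""
    # Assumption: a backup that omits the setting is treated as not disabled.
    return faz_settings(config_text).get("certificate-verification") == "disable"


if __name__ == "__main__":
    for name, text in (("workaround", SAMPLE_WORKAROUND), ("verified", SAMPLE_VERIFIED)):
        print(name, "-> certificate verification disabled:", verification_disabled(text))
```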