Fortinet white logo
Fortinet white logo

Administration Guide

Adding a Security Fabric group

Adding a Security Fabric group

Before you can add a Security Fabric group to FortiAnalyzer, you need to create the Security Fabric group in FortiGate.

Fortinet recommends using a dedicated Super_User administrator account on the FortiGate for FortiAnalyzer access. This ensures that associated log messages are identified as originating from FortiAnalyzer activity. This dedicated Super_User administrator account only needs Read Only access to System Configuration; all other access can be set to None.

Once a Security Fabric group is added in FortiAnalyzer, it can be used to filter other panes, such as Log View and FortiView. You can select the Security Fabric or individual devices in the fabric from the Device filter in those panes.

To add a Security Fabric group:
  1. Go to Device Manager > Unauthorized Devices.
  2. Select all the devices corresponding to the Security Fabric group created in FortiGate.
  3. Authenticate the Security Fabric group by clicking the Warning icon (yellow triangle) beside the corresponding FortiGate root.

  4. Enter the Authentication Credentials. The authentication credentials are the ones you specified in FortiGate. Once the FortiGate root has been authenticated, the Warning icon will disappear.
  5. After authentication, it takes a few minutes for FortiAnalyzer to automatically populate the devices under the FortiGate root which creates the Security Fabric group.

Adding a Security Fabric group

Adding a Security Fabric group

Before you can add a Security Fabric group to FortiAnalyzer, you need to create the Security Fabric group in FortiGate.

Fortinet recommends using a dedicated Super_User administrator account on the FortiGate for FortiAnalyzer access. This ensures that associated log messages are identified as originating from FortiAnalyzer activity. This dedicated Super_User administrator account only needs Read Only access to System Configuration; all other access can be set to None.

Once a Security Fabric group is added in FortiAnalyzer, it can be used to filter other panes, such as Log View and FortiView. You can select the Security Fabric or individual devices in the fabric from the Device filter in those panes.

To add a Security Fabric group:
  1. Go to Device Manager > Unauthorized Devices.
  2. Select all the devices corresponding to the Security Fabric group created in FortiGate.
  3. Authenticate the Security Fabric group by clicking the Warning icon (yellow triangle) beside the corresponding FortiGate root.

  4. Enter the Authentication Credentials. The authentication credentials are the ones you specified in FortiGate. Once the FortiGate root has been authenticated, the Warning icon will disappear.
  5. After authentication, it takes a few minutes for FortiAnalyzer to automatically populate the devices under the FortiGate root which creates the Security Fabric group.