Configuring Edge

In the Security Fabric, Edge is the root FortiGate. This FortiGate receives information from the other FortiGates in the Security Fabric.

In the example, the following interfaces on Edge connect to other network devices:

  • Port 9 connects to the Internet (this interface was configured when Edge was installed)
  • Port 10 connects to Accounting (IP address: 192.168.10.2)
  • Port 11 connects to Marketing (IP address: 192.168.200.2)
  • Port 16 connects to the FortiAnalyzer (IP address: 192.168.55.2)

  1. To edit port 10 on Edge, go to Network > Interfaces. Set an IP/Network Mask for the interface (in the example, 192.168.10.2/255.255.255.0).

  2. Set Administrative Access to allow FortiTelemetry, which is required so that FortiGate devices in the Security Fabric can communicate with each other.

  3. Repeat the previous steps to configure the other interfaces with the appropriate IP addresses, as listed above.

  4. To create a policy for traffic from Accounting to the Internet, go to Policy & Objects > IPv4 Policy and select Create New.

  5. Set Incoming Interface to port 10 and Outgoing Interface to port 9.
  6. Enable NAT.

  7. Repeat the previous steps to create a similar policy for Marketing.

  8. On Edge, go to System > Feature Select. Under Additional Features, enable Multiple Interface Policies.

  9. To create a policy that allows Accounting and Marketing to access the FortiAnalyzer, go to Policy & Objects > IPv4 Policy.

  10. To enable communication between the FortiGate devices in the Security Fabric, go to Security Fabric > Settings and enable FortiGate Telemetry. Set a Group name and Group password (the Group password option isn’t available in FortiOS 6.0.3 and later).

  11. FortiAnalyzer Logging is enabled by default. Set IP address to an internal address that will later be assigned to port 1 on the FortiAnalyzer (in the example, 192.168.65.10). Set Upload option to Real Time.

  12. Select Test Connectivity. An error appears because the FortiGate isn’t yet authorized on the FortiAnalyzer. This authorization is configured in a later step.
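
The interface, policy and logging plan from the steps above can be checked for consistency before it is entered in the GUI. The following Python check is an added example, not Fortinet's code or FortiOS output; the dictionary layout, the `wan`/`lan` role labels, the /24 masks on ports 11 and 16 and the empty access list on port 9 are assumptions.

```python
import ipaddress

# Intended state transcribed from the steps above (constructed model, not FortiOS output).
# Assumptions: role labels, /24 masks on ports 11 and 16, no access set on port 9.
INTERFACES = {
    "port9":  {"role": "wan", "ip": None, "access": set()},
    "port10": {"role": "lan", "ip": "192.168.10.2/24", "access": {"fortitelemetry"}},
    "port11": {"role": "lan", "ip": "192.168.200.2/24", "access": {"fortitelemetry"}},
    "port16": {"role": "lan", "ip": "192.168.55.2/24", "access": {"fortitelemetry"}},
}
POLICIES = [
    {"name": "Accounting-to-Internet", "src": ["port10"], "dst": ["port9"], "nat": True},
    {"name": "Marketing-to-Internet", "src": ["port11"], "dst": ["port9"], "nat": True},
    {"name": "Access-to-FortiAnalyzer", "src": ["port10", "port11"], "dst": ["port16"]},
]
FAZ_IP = "192.168.65.10"  # FortiAnalyzer Logging address from step 11


def audit(interfaces, policies, faz_ip, multi_intf=True):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    for name, intf in interfaces.items():
        has_telemetry = "fortitelemetry" in intf["access"]
        if intf["role"] == "lan" and not has_telemetry:
            findings.append(f"{name}: FortiTelemetry missing on fabric-facing interface")
        if intf["role"] == "wan" and has_telemetry:
            findings.append(f"{name}: FortiTelemetry exposed on Internet-facing interface")
    for pol in policies:
        to_wan = any(interfaces[d]["role"] == "wan" for d in pol["dst"])
        if to_wan and not pol.get("nat", False):
            findings.append(f"{pol['name']}: NAT disabled on Internet-bound policy")
        if (len(pol["src"]) > 1 or len(pol["dst"]) > 1) and not multi_intf:
            findings.append(f"{pol['name']}: requires Multiple Interface Policies")
    connected = [ipaddress.ip_interface(i["ip"]).network
                 for i in interfaces.values() if i["ip"]]
    if not any(ipaddress.ip_address(faz_ip) in net for net in connected):
        findings.append(f"FortiAnalyzer {faz_ip}: not on a connected subnet, "
                        "confirm a route or the addressing")
    return findings


if __name__ == "__main__":
    for line in audit(INTERFACES, POLICIES, FAZ_IP):
        print(line)
```

Run against the values on this page, the only finding is that 192.168.65.10 lies outside every connected subnet under the assumed /24 masks, so confirm the route or the address when the FortiAnalyzer is set up.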
