Fortinet black logo

Handbook

Components

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:28113
Download PDF

Components

The Fortinet Security Fabric consists of various components that work together to form the Security Fabric that secures your organization’s network. The following diagram shows an example Security Fabric that contains both required and recommended Fortinet products:

Devices in the Security Fabric

The Security Fabric implementation consists of:

Required devices

The following table shows devices that are required in the Fortinet Security Fabric:

Device

Description

FortiGate

FortiGate is a next-generation firewall (NGFW) that provides enterprise-class protection against network, content, and application-level threats.

FortiGate devices are the core of the Security Fabric and can have one of the following roles in the Security Fabric:

  • Root FortiGate: The root FortiGate is the main component in the Security Fabric. It is typically located on the edge of the network and connects the internal devices and networks to the Internet through your ISP. From the root FortiGate, you can see information about the entire Security Fabric from the Physical and Logical Topology pages in the Security Fabric menu.
  • Internal Segmentation Firewall (ISFW): After a root FortiGate is installed, all other FortiGate devices in the Security Fabric act as ISFWs. An ISFW is a firewall that is located at strategic points in your internal network, rather than on the network edge. This allows extra security measures to be taken around key network components, such as servers that contain valuable intellectual property. ISFW FortiGate devices create network visibility by sending traffic and information about the devices that are connected to them to the root FortiGate.

FortiAnalyzer

FortiAnalyzer collects, analyzes, and correlates log data from Fortinet devices throughout your organization’s network, and allows you to view all firewall traffic and generate reports from a single console.

FortiAnalyzer gives you increased visibility into your organization’s network and simplifies network logging by storing and displaying all log information in one place. It provides centralized monitoring and awareness of threats, events, and network activity by collecting and correlating logs from Security Fabric devices, such as FortiGate, FortiClient, FortiSandbox, FortiWeb, and FortiMail. This gives you a deeper and more comprehensive view across your entire Security Fabric. You can use the robust security alert information and real-time threat intelligence that FortiAnalyzer provides to quickly identify and respond to security threats across your organization’s network.

Recommended devices

The following table shows devices that Fortinet recommends you have in the Fortinet Security Fabric:

Device

Description

FortiAP

FortiAP is a wireless access point that provides integrated, secure, identity-driven wireless LAN access for your organization’s network.

You can add FortiAP devices to extend the Security Fabric to your wireless devices. Devices connected to a FortiAP appear in the Physical and Logical Topology pages in the Security Fabric menu.

FortiClient

FortiClient adds endpoint control to devices that are located in the Security Fabric, allowing only traffic from compliant devices to flow through the FortiGate. This is done through FortiClient compliance profiles.

In the Security Fabric, FortiClient compliance profiles are applied by the first FortiGate that a device’s traffic flows through. This is often an ISFW FortiGate. Device registration and on-net status information for a device that is running FortiClient appears only on the FortiGate that applies the FortiClient profile to the device.

FortiClient EMS

FortiClient Enterprise Management Server (EMS) is a security management solution that provides scalable and centralized management of multiple endpoint devices.

FortiClient EMS is used in the Security Fabric to provide visibility across your network, to securely share information, and assign security profiles to endpoints.

FortiMail

FortiMail is a secure email gateway that uses various threat prevention methods, including antispam, antimalware, sandboxing, and anomaly detection.

FortiMail integrates with other Fortinet products, as well as third-party virtual and cloud platforms, to help establish a seamless Security Fabric across the entire attack surface. FortiMail anti-spam processing helps offload other devices in the Security Fabric that would typically carry out this process.

FortiManager

FortiManager is an easy-to-use, single pane of glass management console, that gives you total visibility, full control, and complete protection of your organization’s network.

Using the FortiManager in the Security Fabric allows you to simplify the network management of devices in the Security Fabric by centralizing management access in a single device. This allows you to easily control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for devices in the Security Fabric.

FortiSandbox

FortiSandbox is an advanced threat protection appliance that improves your security architecture by identifying and validating threats in a separate, secure environment.

You can add FortiSandbox to your Security Fabric to improve security with sandbox inspection. Sandbox integration allows FortiGate devices in the Security Fabric to automatically receive signature updates from FortiSandbox and add the originating URL of any malicious file to a blocked URL list.

FortiSwitch

FortiSwitch is a secure access switch that can be integrated into the Fortinet Security Fabric through the FortiLink protocol. FortiLink allows FortiSwitch ports to become logical extensions of the FortiGate. This allows the FortiGate to auto-discover a connected FortiSwitch for provisioning, including the attachment of policy to ports or VLANs. With an integrated access layer, the FortiGate provides consolidated visibility and reporting with Physical and Logical Topology views of the Security Fabric in the Security Fabric menu.

You can add a FortiSwitch to the Security Fabric when it is managed by a FortiGate within the Security Fabric, and connected to an interface that uses FortiTelemetry.

Devices connected to the FortiSwitch appear in the Physical and Logical Topology pages in the Security Fabric menu, and security features, such as FortiClient compliance profiles, are applied to them.

FortiWeb

FortiWeb is a web application firewall that protects hosted web applications from attacks that target known and unknown exploits.

In the Security Fabric, FortiWeb defends the application attack surface from attacks that target application exploits. You can also configure FortiWeb to apply web application firewall features, virus scanning, and web filtering to HTTP traffic to help offload other devices in the Security Fabric that would typically carry out these processes.

Optional devices

The following table shows devices that are optional in the Fortinet Security Fabric:

Device

Description

Other Fortinet products

Many other Fortinet products can be added to the Security Fabric, including FortiAuthenticator, FortiToken, FortiCache, and FortiSIEM.

Third-party products

Third-party products that belong to the Fortinet Fabric-Ready Partner Program.

Related Videos

sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 1: Introduction

  • 7,615 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 2: Asset Tagging

  • 1,672 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 3: Compromised Hosts Management

  • 880 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 4: Connectors

  • 1,339 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 5: SSO and Identity Connectors

  • 1,358 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 6: Automation

  • 1,379 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 7: Automation: AWS Lambda and Gener

  • 865 views
  • 5 years ago
sidebar video

Fortinet Security Fabric 6.0.0 Series - Part 8: Security Rating

  • 1,839 views
  • 5 years ago

Components

The Fortinet Security Fabric consists of various components that work together to form the Security Fabric that secures your organization’s network. The following diagram shows an example Security Fabric that contains both required and recommended Fortinet products:

Devices in the Security Fabric

The Security Fabric implementation consists of:

Required devices

The following table shows devices that are required in the Fortinet Security Fabric:

Device

Description

FortiGate

FortiGate is a next-generation firewall (NGFW) that provides enterprise-class protection against network, content, and application-level threats.

FortiGate devices are the core of the Security Fabric and can have one of the following roles in the Security Fabric:

  • Root FortiGate: The root FortiGate is the main component in the Security Fabric. It is typically located on the edge of the network and connects the internal devices and networks to the Internet through your ISP. From the root FortiGate, you can see information about the entire Security Fabric from the Physical and Logical Topology pages in the Security Fabric menu.
  • Internal Segmentation Firewall (ISFW): After a root FortiGate is installed, all other FortiGate devices in the Security Fabric act as ISFWs. An ISFW is a firewall that is located at strategic points in your internal network, rather than on the network edge. This allows extra security measures to be taken around key network components, such as servers that contain valuable intellectual property. ISFW FortiGate devices create network visibility by sending traffic and information about the devices that are connected to them to the root FortiGate.

FortiAnalyzer

FortiAnalyzer collects, analyzes, and correlates log data from Fortinet devices throughout your organization’s network, and allows you to view all firewall traffic and generate reports from a single console.

FortiAnalyzer gives you increased visibility into your organization’s network and simplifies network logging by storing and displaying all log information in one place. It provides centralized monitoring and awareness of threats, events, and network activity by collecting and correlating logs from Security Fabric devices, such as FortiGate, FortiClient, FortiSandbox, FortiWeb, and FortiMail. This gives you a deeper and more comprehensive view across your entire Security Fabric. You can use the robust security alert information and real-time threat intelligence that FortiAnalyzer provides to quickly identify and respond to security threats across your organization’s network.

Recommended devices

The following table shows devices that Fortinet recommends you have in the Fortinet Security Fabric:

Device

Description

FortiAP

FortiAP is a wireless access point that provides integrated, secure, identity-driven wireless LAN access for your organization’s network.

You can add FortiAP devices to extend the Security Fabric to your wireless devices. Devices connected to a FortiAP appear in the Physical and Logical Topology pages in the Security Fabric menu.

FortiClient

FortiClient adds endpoint control to devices that are located in the Security Fabric, allowing only traffic from compliant devices to flow through the FortiGate. This is done through FortiClient compliance profiles.

In the Security Fabric, FortiClient compliance profiles are applied by the first FortiGate that a device’s traffic flows through. This is often an ISFW FortiGate. Device registration and on-net status information for a device that is running FortiClient appears only on the FortiGate that applies the FortiClient profile to the device.

FortiClient EMS

FortiClient Enterprise Management Server (EMS) is a security management solution that provides scalable and centralized management of multiple endpoint devices.

FortiClient EMS is used in the Security Fabric to provide visibility across your network, to securely share information, and assign security profiles to endpoints.

FortiMail

FortiMail is a secure email gateway that uses various threat prevention methods, including antispam, antimalware, sandboxing, and anomaly detection.

FortiMail integrates with other Fortinet products, as well as third-party virtual and cloud platforms, to help establish a seamless Security Fabric across the entire attack surface. FortiMail anti-spam processing helps offload other devices in the Security Fabric that would typically carry out this process.

FortiManager

FortiManager is an easy-to-use, single pane of glass management console, that gives you total visibility, full control, and complete protection of your organization’s network.

Using the FortiManager in the Security Fabric allows you to simplify the network management of devices in the Security Fabric by centralizing management access in a single device. This allows you to easily control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for devices in the Security Fabric.

FortiSandbox

FortiSandbox is an advanced threat protection appliance that improves your security architecture by identifying and validating threats in a separate, secure environment.

You can add FortiSandbox to your Security Fabric to improve security with sandbox inspection. Sandbox integration allows FortiGate devices in the Security Fabric to automatically receive signature updates from FortiSandbox and add the originating URL of any malicious file to a blocked URL list.

FortiSwitch

FortiSwitch is a secure access switch that can be integrated into the Fortinet Security Fabric through the FortiLink protocol. FortiLink allows FortiSwitch ports to become logical extensions of the FortiGate. This allows the FortiGate to auto-discover a connected FortiSwitch for provisioning, including the attachment of policy to ports or VLANs. With an integrated access layer, the FortiGate provides consolidated visibility and reporting with Physical and Logical Topology views of the Security Fabric in the Security Fabric menu.

You can add a FortiSwitch to the Security Fabric when it is managed by a FortiGate within the Security Fabric, and connected to an interface that uses FortiTelemetry.

Devices connected to the FortiSwitch appear in the Physical and Logical Topology pages in the Security Fabric menu, and security features, such as FortiClient compliance profiles, are applied to them.

FortiWeb

FortiWeb is a web application firewall that protects hosted web applications from attacks that target known and unknown exploits.

In the Security Fabric, FortiWeb defends the application attack surface from attacks that target application exploits. You can also configure FortiWeb to apply web application firewall features, virus scanning, and web filtering to HTTP traffic to help offload other devices in the Security Fabric that would typically carry out these processes.

Optional devices

The following table shows devices that are optional in the Fortinet Security Fabric:

Device

Description

Other Fortinet products

Many other Fortinet products can be added to the Security Fabric, including FortiAuthenticator, FortiToken, FortiCache, and FortiSIEM.

Third-party products

Third-party products that belong to the Fortinet Fabric-Ready Partner Program.