
Administration Guide

Connecting to FortiTelemetry agents

This topic applies only to a FortiGate acting as a FortiTelemetry Controller with FortiTelemetry enabled on the System > Feature Visibility page. For a summary of FortiTelemetry-related tasks that you can do in FortiOS, see FortiTelemetry. See also the FortiTelemetry Administration Guide.

The FortiTelemetry Controller connects to FortiTelemetry agents through the Telemetry connector. The following agent connection methods are supported:

  • FortiTelemetry Controller automatically discovers telemetry agents and displays them in the Telemetry connector for manual authorization. You must authorize each agent before the controller can use it.

  • You can configure pre-authorized telemetry connectors, and FortiTelemetry Controller uses the connectors to automatically authorize discovered telemetry agents for use.

FortiTelemetry agents are either hardware-based or software-based. Deployed agents must be in the same subnet as the internal interface of the FortiTelemetry Controller.

After FortiTelemetry agents are authorized, a telemetry address with the agent's name and Telemetry sub-type is automatically created.

Viewing the Telemetry connector and agents

The Telemetry connector displays the number of FortiTelemetry agents. Edit the Telemetry card to display the list of agents, and edit each agent to display and edit its details.

To view the Telemetry connector and FortiTelemetry agents:
  1. Go to Security Fabric > Fabric Connectors. The Telemetry connector is displayed.

    Status

    Status of FortiTelemetry: Enabled or Disabled.

    Agents

    The number of online, authorized FortiTelemetry agents discovered by the FortiTelemetry Controller.

    Monitored Tasks

    Number of tasks being monitored by the FortiTelemetry agents based on the configured telemetry profile(s) selected in the firewall policy used by the FortiTelemetry Controller.

  2. Click the Telemetry connector, and click Edit. The FortiTelemetry Settings pane opens.

    FortiTelemetry agents are grouped by interface.

    Create new

    Click to create pre-authorized Telemetry connectors to automatically authorize FortiTelemetry agents. See Configuring pre-authorized telemetry connectors.

    Name

    Name of the FortiTelemetry agent.

    Status

    Status of the FortiTelemetry agent.

    Change the status by hovering over the status to display the Edit icon. Click Edit to choose Authorize, Unauthorize, or Reject and click Apply.

    Agent Profile

    Profile assigned to the agent when FortiTelemetry Controller discovers the agent.

    FortiTelemetry Controller automatically creates and assigns the following profiles when no pre-configured profiles exist:

    • The Auto-WINDOWS agent profile is assigned to software agents.

    • The Auto-FTL100G agent profile is assigned to hardware agents.

    • The Auto-MACOS agent profile is assigned to software agents.

    Agent profile details can be viewed in the CLI using the config telemetry-controller agent-profile command.

    Agent Model

    Model of the agent: Windows for software agents and FTL100G for hardware agents.

    Agent Version

    Agent version.

    IP

    IP address of the FortiTelemetry agent.

  3. Select an agent to access additional buttons, such as Edit, Delete, and More.

  4. Select an agent and click Edit. The Telemetry Agent pane opens.

  5. Click OK to close the Telemetry Agent pane.

  6. Click Cancel to close the FortiTelemetry Settings pane.

Authorizing discovered FortiTelemetry agents

The FortiTelemetry Controller automatically discovers FortiTelemetry agents, displays them in the Telemetry connector, and assigns a profile to each agent.

You must manually authorize each discovered FortiTelemetry agent before the FortiTelemetry Controller can use it.

Some settings can be edited in the GUI or CLI, such as adding an alias or comment or changing the authorization status.

To authorize FortiTelemetry agents in the GUI:
  1. Go to Security Fabric > Fabric Connectors.

  2. Click the Telemetry connector, and click Edit. The FortiTelemetry Settings pane opens.

  3. Select an agent, and click More > Set Status > Authorize.

To authorize FortiTelemetry agents in the CLI:
  1. By default, automatically discovered telemetry agents are unauthorized, but you can authorize each agent after it connects to FortiGate.

    config telemetry-controller agent
      edit "FT100GTK24000002"    
        set authz authorize
      next
    end

To edit FortiTelemetry agent settings in the GUI:
  1. Go to Security Fabric > Fabric Connectors.

  2. Click the Telemetry connector, and click Edit. The FortiTelemetry Settings pane opens.

  3. Select an agent, and click Edit to view or edit the following options on the Telemetry Agent pane:

    Name

    Displays the name of the FortiTelemetry agent. You cannot change the name.

    Alias

    Enter an alias for the FortiTelemetry agent.

    Authorization

    Change the authorization status to Authorize, Unauthorize, or Reject.

    Agent Profile

    Displays the assigned agent profile. You cannot change the profile.

    Comments

    Enter optional comments to help identify the agent.

  4. Click OK to save changes.

Configuring pre-authorized telemetry connectors

You can configure telemetry connectors to automatically authorize agents after they connect to the FortiTelemetry Controller. You must know the agent name to configure pre-authorized telemetry connectors. The agent name is used to match the discovered agent to the corresponding telemetry connector.

You can create and use a custom agent profile, or you can use a default agent profile (Auto-WINDOWS and Auto-MACOS for software agents, and Auto-FTL100G for hardware agents) if the FortiTelemetry Controller has created a default agent profile.

If you create an agent profile, ensure that the model in the agent profile matches the type of agent used.

To create agent profiles in the CLI:
  1. Create an agent profile for the type of agent you are using.

    A profile for hardware agents should use the ftl-100g model, and a profile for software agents should use the windows or macos model.

    config telemetry-controller agent-profile
        edit "WINDOWS-pre-auth"
            set comment "dev win devices"
            set model windows
        next
        edit "FTL100G-pre-auth"
            set comment "hardware"
            set model ftl-100g
        next
        edit "MACOS-pre-auth"
            set comment "dev macos devices"
            set model macos
        next
    end
    
To create pre-authorized telemetry connectors in the GUI:
  1. Go to Security Fabric > Fabric Connectors.

  2. Click the Telemetry connector, and click Edit. The FortiTelemetry Settings pane opens.

  3. Click Create New, and set the following options on the Telemetry Agent pane:

    Name

    Enter the agent name.

    The name starts with FTLWIN for Windows agents, FTLMAC for macOS agents and FT100G for hardware agents.

    Alias

    (Optional) Enter an alias for the FortiTelemetry agent.

    Authorization

    Select Authorize.

    Agent Profile

    Select an agent profile. Ensure the model configured in the profile matches the type of agent.

    Comments

    (Optional) Enter comments to help identify the agent.

  4. Click OK. The telemetry connector is displayed in the uncategorized list until the FortiTelemetry Controller discovers the corresponding telemetry agent and uses the connector to automatically authorize the agent and assign a status of Online.

To create pre-authorized telemetry connectors in the CLI:
  1. Create a pre-authorized telemetry connector for each agent to specify the agent name, authorization, and agent profile.

    The name starts with FTLWIN for Windows agents, FTLMAC for macOS agents and FT100G for hardware agents.

    config telemetry-controller agent
        edit "FT100GTK24000007"
            set alias "FTL100G"
            set authz authorized
            set agent-profile "FTL100G-pre-auth"
        next
        edit "FTLWIN8662451639"
            set alias "WINDOWS-108"
            set authz authorized
            set agent-profile "WINDOWS-pre-auth"
        next    
        edit "FTLMAC0123456789"
            set alias "macOS"
            set authz authorized
            set agent-profile "MACOS-pre-auth"
        next
    end
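
An added example (not Fortinet's code or part of this guide): a Python check that parses exported configuration text and flags pre-authorized connectors whose name prefix does not match the model of the assigned agent profile, or whose profile name is not defined. The function names and the sample configuration are constructed for illustration, and the parser assumes flat tables like the two shown above.

```python
import re

PREFIX_MODEL = {"FTLWIN": "windows", "FTLMAC": "macos", "FT100G": "ftl-100g"}  # per this page
# Constructed sample: one valid connector, one model mismatch, one stray space in a profile name.
SAMPLE = '''config telemetry-controller agent-profile
    edit "FTL100G-pre-auth"
        set model ftl-100g
    next
    edit "MACOS-pre-auth"
        set model macos
    next
end
config telemetry-controller agent
    edit "FT100GTK24000007"
        set agent-profile "FTL100G-pre-auth"
    next
    edit "FTLWIN8662451639"
        set agent-profile "FTL100G-pre-auth"
    next
    edit "FTLMAC0123456789"
        set agent-profile "MACOS-pre-auth "
    next
end'''

def parse_table(text, table):
    """Return {entry: {setting: value}} for one 'config <table>' block; quoted values keep inner spaces."""
    entries, current, active = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config ") or line == "end":
            active, current = line == f"config {table}", None
        elif active and (m := re.fullmatch(r'edit "(.*)"', line)):
            current = entries.setdefault(m.group(1), {})
        elif active and current is not None and (m := re.fullmatch(r"set (\S+) (.*)", line)):
            current[m.group(1)] = re.sub(r'^"(.*)"$', r"\1", m.group(2))
    return entries

def audit(text):
    """Return (agent, problem) pairs for connectors whose name prefix and profile disagree."""
    profiles = parse_table(text, "telemetry-controller agent-profile")
    findings = []
    for name, cfg in parse_table(text, "telemetry-controller agent").items():
        expected, prof = PREFIX_MODEL.get(name[:6]), cfg.get("agent-profile")
        if expected is None:
            findings.append((name, "unknown name prefix"))
        elif prof is not None and prof not in profiles:
            findings.append((name, f"profile {prof!r} is not defined"))
        elif prof is not None and profiles[prof].get("model") != expected:
            findings.append((name, f"profile {prof!r} is not a {expected} profile"))
    return findings
```

Calling `audit(SAMPLE)` reports the Windows agent bound to a hardware profile and the macOS connector whose profile name carries a trailing space; entries without an explicit `agent-profile` are skipped.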
    
