Before you can add a Security Fabric group to FortiManager, you must create the Security Fabric group in FortiOS.
You must add to FortiManager the root FortiGate for the Security Fabric group. All the devices in the Security Fabric group are automatically added in Unauthorized Devices after you add the root FortiGate.
See also Displaying Security Fabric topology.
To add a Security Fabric group:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Device Manager > Device & Groups.
- Add the root FortiGate unit for the Security Fabric group. See Adding a device using Discover mode. Alternatively, you can enable Central Management in the root FortiGate unit and specify the IP address of the FortiManager. See Authorizing devices.
All devices part of the Security Fabric group are automatically added in Unauthorized Devices.
- Select all devices in Unauthorized Devices and click Add.
- Specify the credentials for each device in the Add Device dialog and click OK.
The entire Security Fabric group with all the devices are added to FortiManager. FortiGate devices are listed under Managed Devices.
If the FortiManager is behind NAT, adding the root FortiGate will not add all the members of the Security Fabric Group automatically. If the FortiManager is behind NAT, the only way is to add each member of the Security Fabric group manually.
Refresh the Security Fabric root after all the members of the group are added to FortiManager. FortiManager retrieves information about the Security Fabric group via the root FortiGate unit. All units are displayed in a Security Fabric group. The Security Fabric icon identifies the group, and the group name is the serial number for the root FortiGate in the group. Within the group, a * at the end of the device name identifies the root FortiGate in the group.