Administration Guide

Using Virtual IP

Virtual IP serves as the external IP of the HA group used by other services in order to improve the handling of a single FortiNDR unit failure. When failover occurs, the new primary unit will replace that IP.

To use Virtual IP, you will need to configure and enable both the primary and secondary units with the same Virtual IP and netmask. To see an example of configuring a Virtual IP on interface port1, see Configuring an HA group.

Example: Configure FortiGate ICAP server with FortiNDR virtual IP

Instead of using the actual IP of either unit, you will need to provide the Virtual IP of the HA group when creating an ICAP server profile on FortiGate. For detailed ICAP configuration information, see FortiNDR and FortiGate ICAP configuration example.
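The same ICAP server object expressed in the FortiOS CLI, as an added example that is not part of this guide. The addresses are constructed placeholders: 10.0.0.101 and 10.0.0.102 stand for the two FortiNDR units' own interface IPs, and 10.0.0.100 for the HA group's Virtual IP.

```fortios
# Weak form (constructed example): the ICAP server points at the primary unit's
# own address. After a failover this address no longer belongs to the primary,
# so FortiGate keeps sending ICAP requests to the failed unit.
config icap server
    edit "fortindr-icap"
        set ip-address 10.0.0.101
        set port 1344
    next
end

# Corrected form: point at the HA group's Virtual IP. Whichever unit becomes
# primary takes over 10.0.0.100, so the FortiGate side needs no change on failover.
config icap server
    edit "fortindr-icap"
        set ip-address 10.0.0.100
        set port 1344
    next
end
```

After a failover, confirming that 10.0.0.100 still answers on port 1344 from the FortiGate is the quickest check that the Virtual IP moved with the new primary.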

Example: Configure FortiGate Security fabric settings for inline blocking

FortiGate inline blocking requires FortiGate and FortiNDR Security Fabric pairing using the Security Fabric Connector. To allow a new primary unit to pair with FortiGate after a failover, the certificates of both FortiNDR units need to be added to the Device authorization list beforehand.

To configure FortiGate for inline blocking:
  1. On the FortiNDR, go to System > Certificate.
  2. Under Local Certificate, select Factory.
  3. In the toolbar, click Download to download the certificate.

To add the certificate to FortiGate:
  1. On the FortiGate, go to Security Fabric > Fabric Connectors, and double-click Security Fabric Setup.
  2. Double-click Edit in Device authorization and click Create new.

To enable FortiGate inline blocking:
  1. On the Primary FortiNDR, go to Security Fabric > Fabric Connectors.
  2. In the FortiNDR IP field, enter the Virtual IP.

    Note

    You are not required to configure inline blocking on the secondary unit since the configuration will be synchronized.

    For detailed information about inline blocking configuration, see FortiGate inline blocking (FOS 7.0.1 and higher).
